Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.

A new report released by an international sanctions monitoring group has revealed that North Korea has built a vast and sophisticated cyber operation that has stolen billions in cryptocurrency and infiltrated global companies through fake IT workers.

Getting into it: The report, released by the Multilateral Sanctions Monitoring Team (MSMT), outlines how North Korea has developed a global, multi-pronged system to generate revenue by skirting United Nations sanctions. One of the most alarming findings is how the regime has deployed thousands of highly skilled IT workers (many of whom operate remotely under false identities) to secure jobs at foreign companies. These workers pretend to be citizens of the US, Europe, or other countries, using fake names, stolen or forged identity documents, and even AI-generated profile pictures to pass verification checks. Once hired, they gain access to company systems and funnel their earnings directly back to the North Korean government, often through complex cryptocurrency laundering networks designed to hide the money’s origin.

How it works: According to investigators, North Koreans use remote desktop software to connect from inside North Korea or neighboring countries while posing as legitimate employees from the US, Europe, or Asia. In many cases, they’re assisted by foreign collaborators who provide fake documents, open accounts for them, or operate “laptop farms” (physical locations where devices are set up to make it look like the worker is in a particular country). The MSMT identified operations in at least 10 countries, including China, Russia, Laos, and Nigeria. Payments are received through platforms like PayPal, Payoneer, and Wise, or directly in cryptocurrency, then laundered and sent to North Korean state entities like the Reconnaissance General Bureau or the Ministry of National Defense.

One of the most revealing examples of this scheme occurred in the United States. In 2025, an Arizona woman named Christina Marie Chapman pleaded guilty to helping over 300 North Korean IT workers gain remote employment with American companies. These workers posed as US citizens by using stolen identities, with Chapman receiving computers and mail on their behalf to maintain the illusion they were located within the country. She created a large-scale “laptop farm” in her home and helped the workers access systems for major US corporations, including Fortune 500 companies. In total, the scheme generated more than $17 million in earnings, a large portion of which was funneled back to the North Korean regime.

In addition to the IT worker schemes, the report highlights how North Korean hackers have carried out some of the largest cryptocurrency heists in history. In 2025 alone, they stole $1.65 billion in crypto, including $1.4 billion from the Dubai-based exchange Bybit. According to investigators, the stolen money is then used to purchase weapons materials, fund missile development, and keep North Korea’s military-industrial complex running.

In a statement, MSMT called on “all UN Member States to raise awareness about the DPRK’s malicious cyber activities and hold responsible parties accountable for [UN Security Council resolution] violations, including through sanctions.” They added, “The DPRK’s exploitation of foreign governments, private businesses, and the public to steal and fraudulently obtain billions of dollars for its unlawful weapons of mass destruction and ballistic missile programs must not go unchecked.”

We requested a comment from North Korea’s embassy in China. As of now, we have not received a response.