It was found that North Korea has stolen about 4 trillion won worth of virtual assets worldwide through illegal cyber activities from last year through September this year.
On the 22nd, the Multinational Sanctions Monitoring Team (MSMT) said in a report that North Korea stole a total of $2.84 billion (about 4 trillion won) in virtual assets from January 2024 to September 2025, and it is estimated to have siphoned off about $1.65 billion (about 2.3 trillion won) this year alone. MSMT is a multilateral body launched in October last year to support implementation of United Nations Security Council (UNSC) sanctions on North Korea.
The $1.19 billion (about 1.7 trillion won) in virtual assets North Korea stole last year is about one-third of the country's total foreign-currency revenue for that year. North Korea is believed to have laundered and cashed out the asset through overseas brokers in China, Russia, Hong Kong, and Cambodia.
The report also said the money-laundering process was linked to corporate-style criminal groups in Cambodia, where kidnappings, confinements, and torture targeting Koreans have recently come to light. North Korean nationals tied to the Reconnaissance General Bureau used Huione Pay of the Cambodian financial services conglomerate Huione Group for money laundering and maintained close ties with Huione Pay employees.
The report said North Korea is using virtual assets as a means of payment to conduct transactions in weapons and related materiel banned under UNSC resolutions, as well as raw materials such as gold and copper. Transferring funds to North Korean cyber groups under the command and control of entities subject to U.N. sanctions violates UNSC resolutions.
North Korean hacker groups and IT personnel hacked virtual asset exchanges in the United Arab Emirates (UAE), Japan, India, and Singapore. They posed as investors, entrepreneurs, and recruiters to approach victims and trick them into downloading malicious software. North Korea is strengthening its cyber organizations to generate regime revenue. Most of these groups are known to be under the Reconnaissance General Bureau, which is subject to U.N. sanctions.
MSMT said about 1,000 to 2,000 North Korean IT personnel are staying in at least eight countries, including China, Russia, Laos, and Cambodia. An estimated 1,000 to 1,500 are in China, 150 to 300 in Russia, and 20 to 40 in Laos, and they are believed to remit about half of their income to North Korea.
Despite UNSC resolutions banning the employment of North Korean overseas workers, revenue generated abroad by North Korean IT personnel is on the rise. North Korean IT personnel alone are estimated to have earned $350 million to $800 million (about 500 billion to 1.1 trillion won) in foreign currency last year. They are earning money by taking on work in the United States and Europe in artificial intelligence (AI), Blockchain, website development, the defense industry, and government projects.
It also emerged that North Korea stole technical information in the military, science, and energy sectors of Korea, the United States, the United Kingdom, and China through cyberattacks. The Reconnaissance General Bureau–affiliated hacker group "Andariel" extracted information in Korea's defense sector through software supply chain attacks, while another hacking group, "Kimsuky," mass-distributed malware to collect materials in Korea's construction sector.
The 11 countries participating in MSMT said in a joint statement that day, "North Korea is illicitly stealing billions of dollars from foreign governments, private corporations, and the general public to secure funding for its illegal weapons of mass destruction (WMD) and ballistic missile programs. We will continue to track and block North Korea's attempts to evade sanctions to ensure faithful implementation of UNSC sanctions on North Korea."