The U.S. and other members of a multilateral sanctions monitoring initiative briefed the U.N. on North Korea’s illicit cyber operations on Monday, three months after publishing a report on the growing threat posed by Pyongyang’s cryptocurrency theft, APA reports, citing nknews.org.
The 11-nation Multilateral Sanctions Monitoring Team (MSMT) reported that DPRK cybercriminals stole at least $2.8 billion from at least 40 attacks targeting cryptocurrency companies and individual customers worldwide between Jan. 2024 and Sept. 2025, the State Department said in a press release Monday.
Over $1.6 billion was stolen in the first nine months of 2025 alone, according to the MSMT report, which was released in October.
North Korean cybercriminals went on to steal over $400 million in the final quarter of the year to reach an annual haul of over $2 billion, U.S. Principal Deputy Assistant Secretary for East Asian and Pacific Affairs Jonathan Fritz said at the report’s rollout at the U.N. headquarters in New York.
This sum represents a “conservative” estimate, according to Fritz. However, it aligns closely with U.S. blockchain analytics firm Chainalysis’s assessment last month that North Korea stole cryptocurrency worth over $2 billion in 2025, the most any actor or state has ever stolen in a single year.
The event at the U.N. took place hours after North Korea’s Permanent Mission to the U.N. condemned the U.S. for its plans to present what it claimed was “fabricated” information about Pyongyang’s cyber activities, rejecting the MSMT as an “illegal organization” with no international standing.
The State Department warned on Monday that North Korea’s cyber program has “reached a level of sophistication approaching that of China and Russia” and poses a “serious, pervasive threat” to the U.S. and international community.
The MSMT report highlights the growing scale of this threat, identifying over 40 countries and territories targeted by North Korean cybercriminals and remote IT workers earning money for the regime.
“The DPRK’s cyber and IT worker activities, whether through asset freeze evasion or by allowing North Korean nationals to earn income abroad, violate a series of U.N. Security Council resolutions … and support the unlawful development of weapons of mass destruction and ballistic missiles,” Fritz said.
The State Department presented North Korean cybercrime actors’ efforts to steal sensitive information and intellectual property from defense companies worldwide in support of Pyongyang’s weapons programs as a significant threat.
The report also highlighted North Korea’s global network of IT workers and facilitators as key players facilitating laundering and procurement for Pyongyang, with China and Russia serving as the main bases for these overseas operatives.
The MSMT previously informed the U.N. about the report’s release in November, but did not formally present its findings to the global body until now.
The 140-page document on North Korea’s cybercrime and IT worker operations was the MSMT’s second report outlining DPRK sanctions evasion activities, with the first report in May focusing on military cooperation with Russia.
The MSMT was established after Russia vetoed the renewal of the former U.N. Panel of Experts in 2024, resulting in the loss of a key source of information on Pyongyang’s sanctions evasion.
The new body lacks the U.N. mandate of its predecessor, but Fritz emphasized its impact in shining a light on North Korea’s illicit activities.
On Monday, he stated that U.N. member states have begun taking action after the October report and praised Pakistan for recently apprehending an individual identified in the report as a facilitator of North Korea’s IT worker schemes.
However, international efforts to counter DPRK sanctions evasion still face major hurdles for enforcement, particularly from Pyongyang’s main allies, China and Russia.
According to the MSMT, North Korea relies heavily on Chinese infrastructure and financial institutions to launder funds, including at least 19 banks and a network of over-the-counter traders who cash out stolen cryptocurrency.
Trump and Zelensky’s meeting postponed to an earlier date Secretary of State speaks about role of US in resolving Armenia-Azerbaijan conflict Trump defends ICE agent after fatal shooting in Minnesota
Read more on Azeri – Press Informasiya Agentliyi
