Christina Chapman ran what she called a “laptop farm” from her home in Arizona—a neat arrangement of computers that allowed North Korean I.T. workers to masquerade as American freelancers. Programmers sitting in Pyongyang or elsewhere would remotely access Chapman’s machines, making it appear that they were logging in from the American Southwest. They used stolen identities, received payments through U.S. bank accounts that Chapman controlled, and earned hundreds of thousands of dollars monthly—money that flowed back to Kim Jong Un’s regime to fund its nuclear-weapons program. More than three hundred American companies, including Fortune 500 giants, were duped. Over seventy U.S. citizens had their identities stolen. Chapman, now forty-eight, has pleaded guilty to fraud.
Her operation was but one node in a vast, complex network through which North Korea—one of the world’s most isolated nations—has become a surprisingly formidable player in global cybercrime. While the country’s citizens suffer under multilayered international sanctions designed to cripple its nuclear ambitions, its state-sponsored hackers have stolen at least $2.8 billion in cryptocurrency between January, 2024, and September, 2025, according to a recent report by the Multilateral Sanctions Monitoring Team. This is not the work of rogue actors or freelance criminals; it is a carefully orchestrated state enterprise, as systematic as any export industry, with the proceeds funding ballistic-missile development and nuclear warheads.
For further reading on this topic, visit my LinkedIn:
- North Korean State-Backed Hackers Execute $10M+ LinkedIn Scam Campaign
- Fourteen North Korean nationals now stand indicted for orchestrating what investigators describe as one of the most sophisticated sanctions-evasion schemes in recent history
- A fascinating report from the Open Source Centre that reveals the true extent of North Korea’s artillery deliveries to Russia since 2023
The Sanction State
North Korea operates under what is perhaps the most comprehensive sanctions regime in modern history. The United Nations Security Council has adopted nine major sanctions resolutions since 2006, all passed unanimously, in response to the country’s nuclear and missile activities. These measures comprehensively restrict multiple sectors of the North Korean economy: trade in weapons, military equipment, dual-use technologies, vehicles, industrial machinery, and metals is prohibited; exports of electrical equipment, coal, minerals, seafood, agricultural products, timber, textiles, and gemstones are banned; petroleum imports are capped at four million barrels annually, with refined products limited to five hundred thousand barrels; natural-gas imports are entirely prohibited.
The European Union has layered its own sanctions atop the U.N. framework since 2006, expanding them significantly over the years. These include a total arms embargo, a ban on exporting aviation and rocket fuel, prohibitions on trade in gold and precious metals with the North Korean government, and—as of September, 2017—a complete ban on exporting petroleum and petroleum products. New investments in North Korea have been forbidden since 2017, financial services are restricted, and the assets of eighty individuals and fifty-seven entities are frozen. Joint ventures with North Korean entities are prohibited, and all cargo imported from or exported to North Korea must be inspected.
The United States has imposed even more extensive unilateral sanctions than the U.N. measures, covering a broader range of economic activities and individuals. Washington’s “maximum pressure” policy blocks from the U.S. financial system any foreign enterprise or individual that facilitates trade with North Korea. Sanctions target not just nuclear activities but also cyberattacks (including the 2014 Sony breach and the 2017 WannaCry ransomware attack), human-rights violations, money laundering, and censorship. Secondary sanctions extend to banks, companies, and individuals outside North Korea—particularly in China and Russia—who do business with the regime.
In early November, 2025, the U.S. Treasury Department announced sanctions against eight individuals and two entities for laundering money from cybercriminal operations that finance North Korea’s nuclear-weapons program. State-sponsored North Korean hackers have stolen more than three billion dollars in digital assets over the past three years through cryptocurrency theft, fraudulent I.T.-worker schemes, and other cybercrimes.
The Erosion of Enforcement
Yet the sanctions regime, for all its breadth, has proved remarkably porous. In March, 2024, Russia vetoed the extension of the U.N. Panel of Experts’ mandate—the body that had monitored sanctions compliance since 2009. No new U.N. sanctions have been imposed since 2018. Of the hundred and ninety-two U.N. member states, only seventy-eight have reported implementing the most recent sanctions resolution. Both Russia and China have vetoed proposed new measures.
North Korea, meanwhile, has developed sophisticated techniques for evading sanctions: using false identities and foreign passports, registering ships under foreign flags, falsifying documentation of mineral origin, conducting transactions through diplomatic missions, exploiting visa-facilitation agreements with thirty-nine countries, bribing customs officials, transferring oil on international waters, and smuggling goods across the Chinese border.
Ghosts in the Machine
The story of Park Jin Hyok offers a window into North Korea’s cyber operations. In 2018, the F.B.I. issued a groundbreaking indictment revealing Park’s role in the country’s cyber-warfare program. His photograph appeared on the F.B.I.’s Most Wanted list, but Park and his colleagues in the Lazarus Group remain at large, orchestrating some of the most sophisticated digital heists in history. The strategy first exposed through Park’s activities has evolved into something even more dangerous—a phantom economy that operates in the shadows of legitimate global commerce.
Consider the recent case involving Sławomir Mentzen, a Polish libertarian politician known for his tax-reform proposals. North Korean cybercriminals have been using deepfake technology to impersonate him—and other Western I.T. specialists—during video job interviews with technology companies in the U.S. and Europe. The hackers apply for positions, conduct interviews using Mentzen’s digitally replicated face while speaking fluent English, gain access to corporate systems and salaries upon hiring, and funnel the money back to Pyongyang. Experts suggest that Mentzen was chosen for his European appearance and the low likelihood that recruiters in the U.S. or Asia would recognize him. Mentzen himself has no connection to the scheme and is an unwitting victim of image theft.
The scale is staggering. According to Microsoft Security researchers, an advanced North Korean cyber operation has successfully stolen more than ten million dollars in cryptocurrency through elaborate LinkedIn scams alone. The platform’s professional veneer makes it an ideal hunting ground: hackers create convincing profiles, build networks, and lure victims into schemes that seem, at first glance, entirely legitimate.
Joshua Stanton, a Washington lawyer who helped draft the 2016 North Korea Sanctions and Policy Enhancement Act, told Al Jazeera that illegal funds generated through cybercrime have become a lifeline for North Korea. An investigative report by Al Jazeera in October, 2023, revealed that even North Korean restaurants abroad may play a crucial supporting role in money laundering. “In my opinion, number one is that the restaurants now serve solely for money laundering,” Stanton said, drawing a comparison to New York Mafia operations.
The Smuggler’s Database
The case of Shenghua Wen reveals the meticulous nature of North Korea’s sanctions-evasion efforts. Wen, a Chinese national, pleaded guilty to assisting North Korean intelligence in circumventing international sanctions. He was recruited by North Korean officials at consulates in China before arriving in the U.S. in 2012. He was chosen deliberately because “he was good at smuggling”—indicating that North Korea maintains databases of potential collaborators with useful criminal skills. It’s human-resources management for an illicit economy.
Research by 38 North, a publication of the Stimson Center, has uncovered surprising international collaboration by North Korea in artificial-intelligence research, despite U.N. sanctions. The regime has proved adept at exploiting the borderless nature of digital technology, participating in global scientific networks even as its people remain cut off from much of the world.
The Open Source Centre has documented the true scale of North Korea’s artillery shipments to Russia since 2023—a pipeline of ammunition that suggests the sanctions regime has failed to prevent Pyongyang from engaging in significant arms trade. An October, 2023, investigation revealed the inner workings of oil smuggling to North Korea, involving triads, ghost ships, and underground banks. While illegal deliveries to Pyongyang—which is developing a new generation of ballistic missiles and nuclear warheads—have been well documented, less known are the individuals behind the shadowy networks that enable Kim Jong Un’s regime to finance its nuclear ambitions.
The Cost of Complicity
In August, 2023, British American Tobacco agreed to pay U.S. authorities more than six hundred and thirty-five million dollars after a subsidiary admitted to conspiring to violate American sanctions by selling tobacco products to North Korea and committing bank fraud. The tobacco sales to the isolated Communist nation occurred between 2007 and 2017. Matthew Olsen, Assistant Attorney General for National Security at the Department of Justice, called the case “a warning shot for companies.” It represented “the largest single sanctions penalty related to North Korea” in the Justice Department’s history.
The penalties for violations can be severe: financial fines, asset freezes, exclusion from the international financial system, and criminal liability. Yet the incentives for evasion remain powerful, particularly as enforcement mechanisms weaken.
An Irresolvable Dilemma
North Korea’s sanctions regime presents a complex legal system requiring detailed analysis for any contemplated transactions. Yet it also illustrates a broader challenge in international law: How does one enforce economic isolation against a state that has made evasion a core competency? How does one sanction a country that has effectively turned its isolation into an advantage, using the very technologies meant to connect the world to circumvent the barriers erected against it?
The laptop farm in Arizona, the deepfake interviews, the ghost ships transferring oil on international waters, the restaurants laundering money—these are not merely criminal enterprises. They are symptoms of a system that has adapted to survive under pressure, that has transformed constraint into opportunity. Chapman’s guilty plea may have shut down one node in the network, but countless others remain, operated by individuals whose faces we may never see, whose identities may be as false as the ones they steal, whose only loyalty is to a regime that has mastered the art of operating in the shadows.
The sanctions regime was designed to bring North Korea to heel, to force it to abandon its nuclear ambitions through economic pressure. Instead, it has created a parallel economy—a phantom infrastructure that thrives in the gaps between national jurisdictions, in the blind spots of international enforcement, in the remote-work revolution that makes it impossible to know whether the programmer on the other end of the video call is really sitting in Arizona or Pyongyang. The regime is as isolated as ever, but it has never been more financially creative. And that, perhaps, is the greatest irony of all.
For legal assessment and compliance support regarding North Korean sanctions—including transaction evaluation, counterparty risk analysis, ownership-structure verification, and guidance on permissible humanitarian exceptions—specialized counsel is essential. The penalties for violations extend beyond financial consequences to potential criminal liability and exclusion from global financial systems.
