We are vigilant about DPRK activities.

This is a non-exhaustive list of reports from several sources.

We are always updating…

Topics

Catch Up on the Latest Highlights

New! Modified North Korean Submunition Used in FPV UAV in Ukraine

November 17, 2025

  • By the end of 2025, the aggressor state Russia plans to involve about 12 thousand North Korean workers to work at enterprises in the special economic zone “Alabuga” in Tatarstan.

  • It is in “Alabuga” that long-range drones of the Shaded/Geran type are manufactured, which the Russian army uses to carry out terrorist strikes on Ukraine’s civilian infrastructure.

  • To discuss the details of the sale of labor, at the end of October, a meeting was held at the Russian Ministry of Foreign Affairs between local officials and representatives of the DPRK company Jihyang Technology Trade Company, responsible for the search and selection of Korean workers.

  • The imported workforce is promised to be paid about 2.5 US dollars per hour of work, and the shift for workers will last at least 12 hours.

Source: Telegram.
More about “Alabuga”, a drone factory
What is Jihyang Technology Trade Company?

October, 2025

<Summary>

  • A Conflict Armament Research (CAR) field investigation team documented a North Korean–manufactured submunition recovered by Ukrainian authorities after a 23 September 2025 attack on Kherson. The device had been refitted for delivery by a weaponised first-person-view (FPV) UAV, illustrating a growing convergence between DPRK-origin legacy munitions and improvised Russian battlefield innovation.

  • Confirmed DPRK Origin

    • Submunition bears Korean markings, indicating production year Juche 89 (2000).

    • Ukrainian authorities have found additional DPRK submunitions dated Juche 89–99 (2000–2010).

    • Identified as a DPRK-produced copy of the US M42 High-Explosive, Dual-Purpose (HEDP) submunition.

  • Modification for UAV Deployment

    • Original arming and stabilization ribbon system removed.

    • Replaced with a 3D-printed detonator holder and an electric detonator inserted via a drilled lateral hole.

  • Battlefield Implications

    • Demonstrates integration of legacy DPRK cluster submunitions into modern FPV UAV strike systems.

    • Reflects a broader trend: conventional munitions + improvised UAV delivery mechanisms used to achieve precision, low-cost anti-armor effects.

    • CAR notes increased use of 3D-printed components and improvised electronics in Russian and Ukrainian FPV systems.

Source: CAR.

October 22, 2025

MSMT Releases Second Report Detailing DPRK Cyber and IT Worker Operations

<Summary>

  • DPRK operates a full-spectrum cyber army, rivaling China and Russia, to steal crypto and fuel its illicit WMD and missile programs—all under UN-designated entities such as the Reconnaissance General Bureau (KPe.031)Ministry of National Defense (KPe.054)Ministry of Atomic Energy and Industry (KPe.027)Munitions Industry Department (KPe.028)Office 39 (KPe.030), and the Second Academy of Natural Sciences (KPe.018).

  • Massive crypto heists drive Pyongyang’s revenue engine:
    • $1.19B stolen in 2024
    • $1.65B stolen from Jan–Sep 2025, dominated by the $1.4B Bybit mega-hack.

  • Global laundering pipelines: DPRK actors clean stolen crypto through services operating in China, Russia, Argentina, Cambodia, Vietnam, and UAE, before converting to fiat to support prohibited procurement.

  • Stablecoins as sanctions-evasion tools: DPRK entities—including Korea Mining Development Trading Corporation (KOMID) (KPe.001)—used cryptocurrency in arms transactions and procurement of raw materials such as copper for munitions production.

  • Widespread illicit IT-worker deployments (violating UNSCRs):
    • IT workers found in China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, Tanzania
    • 1,000–1,500 based in China
    • Plans to dispatch 40,000 laborers to Russia, including IT teams
    • Foreign facilitators supporting them in Japan, Ukraine, UAE, and the United States.

  • China as the operational backbone:
    • DPRK depends on Chinese IT infrastructure, banks, and OTC brokers
    • At least 15 Chinese banks used for laundering IT and cyber-heist proceeds
    • Identities of DPRK and Chinese facilitators were already provided to China in 2024.

  • Cyber espionage surge against defense industries:
    DPRK cyber units steal sensitive intellectual property and defense technology to advance WMD and missile development, using social engineering, malware, and ransomware, and also target critical infrastructure.

  • All these cyber, laundering, and IT-work operations benefit UN-designated entities:
    • Korean Workers’ Party (assets freeze)
    • Reconnaissance General Bureau (KPe.031)
    • Ministry of National Defense (KPe.054)
    • Ministry of Atomic Energy and Industry (KPe.027)
    • Munitions Industry Department (KPe.028)
    • Office 39 (KPe.030)
    • Second Academy of Natural Sciences (KPe.018) 

 
Source: MSMT.

August 21, 2025

IAEA Director General’s Report on DPRK: Plutonium production continues, Uranium enrichment points to expanding capacity

  • Uranium Mining and Milling (Pyongsan)
    Continued indications of mining, milling, and concentrate production activities were observed at the Pyongsan uranium mine and concentrate plant, consistent with prior years.

  • Conversion and Fuel Fabrication
    Renovation of the UF₄ Production Process Building was completed and the facility appeared operational by October 2024. Ongoing activities were also observed in other buildings, including four newly constructed facilities — two of which are secured within a common perimeter — that exhibit features consistent with chemical processing.

  • Uranium Enrichment (Kangson and Yongbyon)
    The Kangson complex was confirmed to contain cascades of gas centrifuges — twelve cascades, each consisting of 344 centrifuges consistent with the production of LEU, although the possibility of HEU production elsewhere at the site cannot be excluded.
    At Yongbyon, the enrichment facility was confirmed to have expanded cascades in its original hall (Hall 1, six cascades), the 2013 extension (Hall 2, eight cascades), and the 2021–2022 annex (six cascades). The cascades, each of 344 centrifuges, remain configured for LEU production, and the facility continued operations during the reporting period. Centrifuges at both Kangson and Yongbyon appeared of the same type, with no indication of advanced centrifuge installation.

    In December 2024, satellite imagery showed the start of construction on a new two-storey building southwest of the 50MW(e) reactor at Yongbyon. By May 2025 the structure was externally complete, though work on surrounding support facilities was still ongoing. The building’s layout and dimensions closely resemble those of the Kangson enrichment facility, suggesting a similar potential function.

  • Reactors (Graphite-moderated and Light Water Reactor):
    The 5MW(e) Experimental Reactor at Yongbyon continued operations, with a shutdown of about 60 days between August and October 2024 sufficient to allow refueling, indicating the start of a seventh operational cycle.
    The LWR was shut down in September and October 2024, and again for much of April 2025, with brief additional shutdowns occurring intermittently thereafter.

  • Reprocessing (Radiochemical Laboratory):
    The steam plant serving only the Radiochemical Laboratory became fully operational by late January 2025 and has since run almost continuously, consistent with reprocessing of irradiated fuel from the 5MW(e) reactor’s sixth operational cycle. Additional waste management infrastructure was installed near the facility.

  • Nuclear-powered Submarine:
    In March 2025, the DPRK showcased the construction of a “nuclear-powered strategic guided missile submarine” at a shipyard in Sinpho. While imagery confirms a submarine hull under construction, the Agency is unable to verify whether a reactor has been developed or installed.

  • Weaponization and Nuclear Testing (Punggye-ri):
    The Punggye-ri nuclear test site remains in a state of readiness to support a nuclear test, though no significant new activity was observed during the reporting period.

    Read the full report

 
Source: IAEA.

August 17, 2025

Radio Free Asia’s 2023 exposé reveals the brutal exploitation of North Korean workers abroad, exposing blatant violations of UN sanctions in Russia.

<Radio Free Asia> 2023-9-20, 당국 외면 속 죽어가는 해외 북 노동자 (Overseas North Korean Workers Dying Amid Government Neglect).

<Summary>

Internal documents from a North Korean construction company operating in Russia, recently obtained by RFA, reveal that during the COVID-19 pandemic, workers who fell ill were denied proper medical care and, with the borders closed, were effectively abandoned in Russia, unable to return home.

  • Excessive Hours: Workers were forced into grueling construction work, often over 16 hours per day including night shifts.

  • Lack of Medical Access:

    • Many workers with serious illnesses (cancer, emphysema, heart disease) were denied hospital care due to high costs.

    • In extreme cases, workers even pulled out their own teeth because they could not go to hospitals.

  • Financial Exploitation:

    After state deductions, workers kept only $100 a month on average, making it impossible to afford medical bills of $5,000–6,000+.

  • Neglect by Authorities:

    North Korean authorities provided no medical or financial support, especially during the COVID-19 border closures, leaving workers effectively abandoned abroad.

    Read the whole article

One of the internal documents showing examples of North Korean vernacular

Source: DPRK Panel of Experts repot, S/2024/215, p. 431.

August 14, 2025

<BBC> North Koreans Sent to Russia to Work "Like Slaves"

<Summary>

  • Russia is importing tens of thousands of North Korean laborers to cover war-induced labor shortages-over 10,000 in 2024 and potentially over 50,000 in 2025.

  • The BBC interviewed six escapees who described:

    • 18-hour workdays, seven days a week.

    • Hazardous work conditions, often without adequate safety equipment or medical care.

    • Constant surveillance by North Korean security agent, with workers confined to sites.

    • Squalid living quarters, including bug-infested shipping containers and unfinished buildings.

    • Physical abuse when workers fall asleep due to exhaustion.

    • Most wages are collected by the regime; workers get only a small monthly amount after returning home.

  • These practices violate UN sanctions and constitute forced labor, reflecting widespread state exploitation.

    Source: BBC (Edited by DPRK Monitor).

    DPRK Monitor exposes more cases of North Korean worker exploitation in Russia (See above article by Radio Free Asia in 2023).

Source: BBC.

Useful link on DPRK human rights violations

August 8, 2025

Old Game, New Name: Sobaeksu and DPRK’s WMD Legacy

The US government has recently designated the Korea Sobaeksu Trading Company (Sobaeksu) for asset freezing, citing its involvement in foreign currency-generating activities conducted by DPRK IT workers.

However, by examining past DPRK Panel reports, it becomes clear that Sobaeksu is in fact connected to companies previously involved in WMD development—namely, NAMCHONGANG TRADING CORPORATION (NCG) and KOREA MINING DEVELOPMENT TRADING CORPORATION (KOMID).

More about the contents

Diagram of Links Between Kim Se Un, Sobaeksu, and DPRK WMD programme

Source: Maltego Graph Visualization by DPRK Monitor.

July 24, 2025

U.S. Treasury Sanctions North Korean Front Company and Individuals for Sanctions Evasion and Revenue Generation

<Summary>

  • The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Korea Sobaeksu Trading Company (also known as Sobaeksu United Corporation) and three North Korean individuals—Kim Se Un, Jo Kyong Hun, and Myong Chol Min—for their roles in evading U.S. and UN sanctions and clandestinely generating revenue for the DPRK government.

    Key points:

    • Sobaeksu acts as a front company for the DPRK’s Munitions Industry Department, involved in nuclear and missile development. It sends IT workers overseas (e.g., to Vietnam) and conducts nuclear procurement.

    • Kim Se Un is a key operator using foreign-based companies to hire North Korean IT workers abroad. A reward of up to $3 million is offered for information leading to his arrest/conviction.

    • Jo Kyong Hun, based in North Korea, leads Sobaeksu’s IT team and collaborates with Kim on cryptocurrency and financial schemes to support IT operations.

    • Myong Chol Min, a trade representative, helps facilitate business deals to evade sanctions and import goods (like tobacco) into North Korea. He is also subject to a $3 million reward offer.

More about Kim Se Un & Sobaeksu (朝鲜小白水联合会社)

July 20, 2025

Source: The MSMT.

MSMT Unveils Evidence of Sanctions‑Violating DPRK–Russia Military Ties at UN Briefing

<Summary>

July 2, 2025

North Korea to send as many as 30,000 troops to bolster Russia’s forces, Ukrainian officials say.

<Summary>

  • North Korea is reportedly preparing to send 25,000 to 30,000 additional troops to Russia, according to Ukrainian intelligence and corroborated by Western sources.

  • Around 11,000 North Korean soldiers were secretly deployed to Russia in late 2024. About 4,000 of them were killed or injured in combat, particularly during the defense of Russia’s Kursk region.

  • Ukrainian assessment states the Russian Ministry of Defense will supply equipment and arms, with the goal of integrating North Korean troops into Russian combat units, including potential involvement in large-scale offensive operations.

  • Satellite imagery shows troop transport ships and IL-76 cargo planes at Russian and North Korean ports and airports, suggesting preparations for further deployments.

  • Ukrainian officials and analysts suggest Pyongyang aims to deepen its "blood debt" with Moscow to gain long-term leverage, despite high short-term losses.

    (Edited by DPRK Monitor)

June 26, 2025

<MBC> 2025-06-26, 국회 정보위원회 백브리핑 (Background briefing by the National Assembly Intelligence Committee of the ROK).

ROK National Intelligence Service (NIS) Assessment of DPRK-Russia Military Cooperation

  • Russia may launch a major offensive in July or August.

  • In October 2023, North Korea deployed 11,000 personnel to Russia, followed by an additional 4,000 troops.

  • Russia recently announced the deployment of 6,000 military engineers and construction units for reconstruction in Kursk.

  • NIS believes further deployments could occur as early as July or August, citing past patterns and ongoing recruitment efforts in North Korea.

  • Russia is believed to have provided economic aid, air defense systems, and electronic warfare equipment, along with technical support for space launch engines, drones, and missile guidance systems.

    (Edited by DPRK Monitor)

    View full Korean script with English translation

June 17, 2025

Shoigu stated that the DPRK will send 5,000 construction workers to help with the reconstruction of the Kursk region.

June 9, 2025

May 20, 2025

 
Source: UN Web TV

“The DPRK’s unlawful nuclear weapons and ballistic missiles programs is inextricably linked to the regime’s human rights abuses as the programs are financed through the forced labor of North Korean citizens, at home and abroad.”