Thousands of North Koreans continue to work abroad in the information technology (IT) sector, multiple U.S. government agencies warned Tuesday, despite sanctions prohibiting Pyongyang from sending workers abroad.
According to a joint advisory by the Department of the Treasury, Department of State and Federal Bureau of Investigation (FBI), most of the North’s IT workers are in China and Russia, with a smaller number in Africa and Southeast Asia.
Pyongyang dispatches thousands of “highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction (WMD) and ballistic missile programs,” the advisory states.
The “vast majority” of these tech workers are employed by entities directly involved in the North’s weapons programs, including the Munitions Industry Department, Ministry of Atomic Energy Industry and Korean People’s Army, among others, the advisory says.
The U.S. agencies note that although North Korean IT workers are not necessarily involved in malicious cyber activity — such as the country’s recent, massive cyber heists — the DPRK gains “privileged access” through them to enable cyber attacks.
The advisory adds that the DPRK’s overseas IT workers create a range of software products, including artificial intelligence, gambling programs and dating applications.
“DPRK IT workers can individually earn more than USD 300,000 a year in some cases, and teams of IT workers can collectively earn more than USD 3 million annually,” the U.S. agencies say.
According to North Korea cyber researcher Jason Bartlett from the Center for a New American Security (CNAS), China and Russia have exacerbated the problem by simply ignoring U.N. resolutions demanding they repatriate the DPRK’s IT workers.
The warning comes as some industry professionals have reported speaking with possible North Korean IT workers. Jonathan Wu of Aztec Network, an ethereum privacy startup, tweeted on Tuesday that his company had interviewed a suspected North Korean. Twitter user @schmackofant, who claims to work for the “decentralized drug development” platform VitaDAO, also wrote on Tuesday that a North Korean applied to work at his company.
In its March 2021 report, the U.N. sanctions monitors revealed the discovery of a network of overseas North Korean workers based out of Jilin, China, that used falsified identities to open accounts on freelancing platforms such as Upwork and Freelancer. The latest advisory includes guidance on how to protect against inadvertently hiring North Korean IT workers via such platforms.
The cyber attacks that the U.S. warns these workers enable can earn the regime millions of dollars. In a recent attack against blockchain-based video game Axie Infinity, for instance, North Korean hackers made off with over half a billion dollars’ worth of ethereum.
U.N. Security Council Resolution 2397, unanimously approved in Dec. 2017 in response to Pyongyang’s missile tests, banned North Koreans from working abroad after Dec. 22, 2019. North Korea’s near-total COVID-19 lockdown, however, has prevented countries from repatriating DPRK workers, including those in IT.
Updated on May 19, 2022 at 11:05 a.m. KST to include expert comment from Jason Bartlett. Edited by Arius Derr.