North Korea Dismisses U.S. Cybercrime Allegations as 'Absurd Slander' Amid Escalating Tensions

SEOUL – North Korea has vehemently rejected accusations from the United States that it is behind a wide-ranging campaign of cybercrime, including large-scale cryptocurrency thefts, dismissing the claims as "absurd slander" and a continuation of Washington's "hostile policy." This latest denial comes as the U.S. intensifies its efforts to counter Pyongyang's alleged illicit digital activities, which it asserts are critical to funding the North Korean regime's prohibited weapons programs. The ongoing dispute highlights a deepening chasm in international relations, characterized by persistent cyber warfare and profound geopolitical mistrust.

Escalating Accusations and Pyongyang's Vehement Denial

The United States has consistently implicated North Korea in a sophisticated and extensive cybercrime network, responsible for billions of dollars in stolen digital assets and a variety of malicious online operations. These allegations span years, encompassing high-profile ransomware attacks, bank heists, and, most recently, a significant focus on cryptocurrency platforms. U.S. officials assert that these state-sponsored cyber activities are designed to circumvent international sanctions and generate revenue for North Korea's nuclear and ballistic missile development. The U.S. Treasury Department, for instance, has estimated that North Korean state-sponsored hacking schemes have stolen more than $3 billion in digital assets over the past three years alone, a figure described as unmatched by any other foreign actor.

However, Pyongyang has categorically dismissed these accusations. In recent statements, North Korea's Foreign Ministry has characterized the U.S. claims as a "fabrication" and "groundless disinformation" aimed at tarnishing the country's image and violating its sovereignty. An official statement conveyed through state media suggested that Washington is deliberately creating a "non-existent cyber threat" narrative for political purposes, further asserting that the U.S. is the true instigator of instability in international cyberspace. This rebuttal underscores North Korea's consistent position that it is the victim of a smear campaign by a hostile power.

The Modus Operandi of Alleged State-Sponsored Hacking

U.S. intelligence agencies and cybersecurity experts frequently attribute these cyberattacks to various North Korean state-sponsored groups, most notably the Lazarus Group. This entity, also known by aliases such as APT38, Hidden Cobra, ZINC, and Diamond Sleet, is believed to operate with subgroups like Andariel and Bluenoroff. These groups are accused of employing a range of tactics, including the development of custom malware, innovative attack techniques, and meticulous operational planning.

The alleged cyber offensive has targeted diverse sectors globally. Past incidents widely attributed to North Korea include the 2014 Sony Pictures Entertainment hack, the attempted $1 billion Bangladesh Bank heist in 2016 (from which $81 million was stolen), and the widespread WannaCry ransomware attack in 2017, which impacted over 300,000 computers across 150 countries. More recently, the focus has shifted heavily towards virtual currencies. North Korean hacking groups are reportedly responsible for numerous cryptocurrency thefts, with one subgroup, TraderTraitor, allegedly stealing approximately $290 million from the restaking protocol Kelp DAO in April 2026 alone. Other significant crypto heists include $1.5 billion from Bybit in 2025, $1.34 billion in digital assets in 2024, $620 million from the Ronin Network in 2022, $100 million from Harmony's Horizon bridge in 2022, and $41 million from Stake.com in 2023.

Beyond direct hacking, the U.S. has also highlighted North Korea's alleged use of illicit IT worker schemes. These operations involve North Korean operatives who obscure their identities, often using stolen U.S. identities or fabricated credentials, to secure remote employment with unsuspecting foreign firms. This tactic not only generates revenue but also potentially allows for the infiltration of company networks and the theft of sensitive data. To further complicate attribution, North Korean cyber operations are often routed through third-country networks, particularly in China, Russia, and Southeast Asian nations, leveraging their infrastructure to obscure the origin of attacks.

Funding a Prohibited Program

The primary motivation behind North Korea's alleged cyber activities, according to U.S. and international assessments, is to evade crippling international sanctions and generate critical funds for its weapons of mass destruction and ballistic missile programs. Cybercrime has emerged as a cost-effective and highly lucrative method for Pyongyang to offset the economic damage caused by sanctions. A United Nations panel estimated that North Korean cyberattacks since 2017 have stolen over $3 billion in cryptocurrency, directly linking these funds to the regime's military development. Another report indicated that money laundered through cybercrimes might fund at least half of North Korea's nuclear weapons program.

This financial lifeline is crucial for a regime facing severe international isolation and economic restrictions. The proceeds from these digital heists reportedly support everything from the procurement of materials for weapons development to the general sustenance of the state. The effectiveness of cybercrime in bypassing traditional financial safeguards makes it an attractive and continuously evolving strategy for North Korea's leadership.

Geopolitical Standoff and Countermeasures

The allegations of North Korean cyber activity have significant geopolitical implications, further exacerbating the already strained relationship between Washington and Pyongyang. The U.S. has responded to these threats with a range of countermeasures, including imposing sanctions on individuals and entities implicated in North Korean cyber operations and illicit IT worker schemes. These sanctions aim to disrupt financial mechanisms and deter further illicit activities. The U.S. Department of Justice has also pursued indictments against North Korean nationals accused of cybercrime, including four individuals charged in connection with stealing and laundering approximately $900,000 in cryptocurrency. Additionally, the U.S. Department of State's Rewards for Justice program offers substantial rewards, up to $10 million, for information leading to the identification or location of individuals engaged in malicious cyber activities against U.S. critical infrastructure.

North Korea, in turn, has not only denied the accusations but also warned of "necessary measures" to protect its national interests and the rights of its citizens in cyberspace. Pyongyang views these U.S. actions as provocative and an infringement on its sovereignty, signaling a readiness to retaliate against what it perceives as hostile enforcement efforts. This ongoing cyber conflict thus remains a critical facet of the broader U.S.-North Korea standoff, with both sides entrenched in their respective positions.

The cyber domain has become a significant battleground in the protracted confrontation between North Korea and the United States. While Washington continues to present detailed evidence and impose penalties for what it describes as state-sponsored digital criminality, Pyongyang steadfastly dismisses these claims as politically motivated fabrications. The substantial sums allegedly acquired through cyber activities reportedly provide a vital, if illicit, revenue stream for North Korea's nuclear ambitions, complicating international efforts to curb its weapons programs. As technology evolves, so too do the methods of digital espionage and theft, ensuring that this high-stakes cyber standoff will continue to shape global security and international relations for the foreseeable future.