North Korea has been under intense international sanctions for years, but somehow, somewhere, it continues to sustain—and even expand—its military and weapons programs. It is not a matter of obstinacy or resolve. What sustains the regime is a vast and highly sophisticated network of shadow networks spanning borders and working largely underground. For anyone who wants to make sense of the North Korean threat, these underground systems are the key.
At the core of North Korea’s weakness is its heavy dependence on foreign fuel. The nation has no noticeable oil reserves, and its crude refining capacity is limited at best. Thus, it relies significantly on external sources to provide its energy requirements—fuel that runs everything from factories to military hardware to gun production. As the UN imposed tight restrictions on oil imports, North Korea refused to buckle. Rather, it became innovative—p, penetrating deeper into the black market fuel economy of East Asia. Investigations have revealed how the regime tapped into the pre-existing smuggling networks, exploiting loopholes in the law as well as cross-border price variations to ensure fuel supplies. Locations such as Taiwan, with its low fuel prices and convenient access to shipping lanes, have become significant centers in this business undetected.
What is particularly disturbing is just how sophisticated North Korea’s smuggling operation has become, particularly on the seas. Satellite photos and ship-tracking data have revealed an elaborate system at work. Some ships, so-called “dirty” vessels, sail directly to North Korean ports. Others referred to as “clean” ships conduct clandestine deliveries at sea, transferring fuel ship-to-ship far from the port.
They’re not done on the spur of the moment. Some are operated by crime syndicates, some with roots in southern China, and supported by regional oil traders. To keep their tracks covered, they employ shell companies, offshore bank accounts, and a labyrinth of bogus documents that create a nearly impenetrable trail for investigators to follow the fuel to its ultimate destination.
But smuggling is not the only game Pyongyang plays. The regime has also become more and more sophisticated with its money. It employs alternative banking systems and incorporates front companies in countries with lax regulatory environments. These shell companies—in many cases, in Hong Kong or the UAE—enable North Korea to transfer funds, purchase weapons technology, and evade global financial systems. Ring a bell? It should. The same arrangement was recently revealed concerning Iran. They both employ sham invoices, transactions in layers, and middlemen to transfer funds without being detected, all while keeping high-ranking officials better-fed and global enforcers off their backs.
In recent years, cybercrime has become one of North Korea’s most reliable tools. In one notable case, U.S. prosecutors charged a North Korean hacker named Rim Jong Hyok. He allegedly helped carry out ransomware attacks on U.S. hospitals and critical infrastructure. He operated with the regime’s military intelligence division, channeled the cash through China-based networks, and assisted with reinvesting the funds in subsequent hacking operations, the charges alleged. The cyber gang he collaborated with—”Andariel” among cybersecurity pros—is thought to have built specialized hacking tools and targeted high-value assets such as blueprints of military aircraft and nuclear technology information.
But ransomware is only part of the picture. North Korea has inserted its own IT employees surreptitiously into the worldwide freelance labor force. There are reports that most of them, posing as freelance engineers or programmers, have obtained employment with Western technology firms. Once recruited, they gain access to sensitive information, earn money, and channel it all back to the state.
These activities are facilitated by Chinese companies that make payments, conceal identities, and provide logistical services. A single Chinese company was blacklisted for exporting IT equipment to a North Korean ministry of defense that is involved in weapons trade. More research discovered several dozen more companies within the same network, demonstrating how extensive the support network is.
China-based actors—private companies as well as unscrupulous middlemen—are intricately integrated in these operations. They offer shipping lanes, banking services, cyber support infrastructure, and so on. With the use of shell companies and regulatory loopholes in the likes of Hong Kong and the Gulf, they assist North Korea in discovering the cracks in worldwide pressure and pass right through them.
To stem this tide, the international reaction has been robust—but it’s an ongoing game of catch-up. The U.S. has issued indictments, frozen assets, and collaborated with allies to shut down these networks. The recent charges against hackers such as Rim indicate that law enforcement is starting to target those in the background. Sanctions on banks and middlemen send another powerful message: if you assist North Korea, you’re a target.
Nevertheless, North Korea continues to evolve. Whether it’s diverting ships, discovering new money tricks, or exploiting the gig economy, the regime remains ahead of the game. These efforts are sprawling, multifaceted, and frequently cloaked in plain sight. And for anyone genuinely interested in reining in Pyongyang’s military drive, it’s apparent that shallow responses won’t suffice. The actual challenge is to chart and destroy the well-established networks that support the regime, and that will take persistence and a much better understanding of the way the shadow economy functions.