Interagency delegations from the United States, Japan and the Republic of Korea met in Washington, D.C. on June 25 and 26, 2026, to coordinate responses to DPRK cyber threats, including cryptocurrency theft, laundering, IT worker schemes and malicious cyber activity linked to sanctioned weapons programmes.
The State Department said the meeting formed part of the Trilateral Diplomatic Working Group on DPRK Cyber Threats. The talks focused on cyber-enabled revenue generation, sanctions enforcement and private-sector cooperation, with all three delegations linking the activity to DPRK weapons of mass destruction and ballistic missile development.
US Allies Coordinate On DPRK Cyber Threats
The State Department said delegations from the United States, Japan and the Republic of Korea gathered in Washington for two days of coordination. The meeting focused on DPRK cyber threats and the revenue channels that can support sanctioned activity.
Additionally, all three delegations reiterated their commitment to the complete denuclearization of the DPRK. The meeting treated DPRK cyber activity as part of a wider sanctions, revenue and weapons-financing concern.
Meeting Scope Covers Cyber Revenue Risks
The State Department identified four central areas of concern: cryptocurrency theft, laundering, IT worker schemes and malicious cyber activity. Those categories show how the working group is connecting cyber operations with financial enforcement.
| Indicator | Recent Movement | Context |
|---|---|---|
| Meeting location | Washington, D.C. | The State Department said the trilateral delegations met on June 25 and 26, 2026. |
| Reported theft incidents | $290 million and $285 million cited | The State Department said participants noted reports involving KelpDAO and Drift Protocol. |
| Industry risk | AI-enabled IT worker schemes raised | The State Department said DPRK IT workers are increasingly using AI capabilities in schemes affecting companies. |
DPRK Cryptocurrency Theft Draws Concern
The State Department said representatives from the three countries expressed concern over cryptocurrency heists perpetrated by the DPRK. The release cited reported incidents including the theft of $290 million from KelpDAO and $285 million from Drift Protocol.
However, the media note framed those figures as reports noted by participants, not as a court finding in the release. The practical effect is that cryptocurrency platforms, exchanges and enforcement bodies remain central to efforts aimed at interrupting DPRK cyber-enabled revenue generation.
Reported Heists Show Scale Of Illicit Activity
The two reported theft figures cited by the State Department show the scale of assets under discussion. Together, the named incidents represented hundreds of millions of dollars in reported cryptocurrency losses.
Additionally, the Treasury Department has previously said DPRK cybercrime and IT worker activity are used to generate revenue for weapons of mass destruction and ballistic missile programmes. That official framing connects digital asset theft with sanctions enforcement and international security policy.
IT Worker Schemes Raise Industry Risks
The State Department said the delegations noted the increasing risk posed by DPRK IT workers using AI capabilities. The stated concern is that such workers can use deception to defraud U.S. and international companies.
The Justice Department has previously described North Korean remote IT worker schemes involving false identities, alias emails, online job platforms and proxy infrastructure. For companies, the schemes increase the importance of hiring checks, identity verification and internal detection measures.
Detection And Mitigation Efforts Are Emphasised
The State Department said representatives from all three countries committed to support industry efforts to enhance detection and mitigation. That commitment places private companies inside the defensive response, rather than treating the issue as a government-only enforcement problem.
- Industry exposure: the State Department said DPRK IT workers using AI capabilities present an increasing risk to U.S. and international companies.
- Detection focus: the State Department said participants committed to support industry efforts to identify and reduce fraudulent schemes.
- Prior enforcement context: the Justice Department has linked DPRK remote IT worker schemes to illicit revenue generation and U.S.-based enablers.
Sanctions Enforcement Remains Central
The State Department said participants reiterated the importance of continued law enforcement cooperation and coordination. The stated purpose was to strengthen enforcement of international sanctions against the DPRK.
Additionally, the release said the activity being targeted includes revenue that can support unlawful development of weapons of mass destruction and ballistic missiles. The working group treated cyber activity, sanctions evasion and weapons financing as connected policy areas.
Law Enforcement Cooperation Supports Sanctions Goals
The State Department framed law enforcement cooperation as part of the effort to prevent malicious cyber activity and illicit revenue generation. That gives the meeting a practical enforcement dimension beyond diplomatic alignment.
The Treasury Department has also used sanctions authorities against DPRK-linked financial actors and institutions connected to illicit revenue activity. However, the State Department media note did not announce new sanctions, charges or seizures from the June 2026 meeting.
Private Sector Expertise Supports The Working Group
The State Department said participants emphasized the importance of leveraging private-sector expertise. The release named Coinbase, Mandiant Threat Intelligence, Polymarket and Upwork as participants in the inaugural private-sector session of the working group.
This matters because the named areas of concern touch cryptocurrency platforms, threat intelligence, online markets and remote work channels. Additionally, the inclusion of private-sector participants suggests the working group is seeking operational input from companies exposed to DPRK cyber and employment-related schemes.
Stakeholder Comments
The State Department expressed gratitude to Coinbase, Mandiant Threat Intelligence, Polymarket and Upwork for participating. The release did not include direct comments from those companies.
That distinction matters for source visibility. The article can identify the companies as participants in the State Department-described session, but it should not attribute positions, commitments or statements to them beyond what the department released.
The June 2026 working group meeting showed continued trilateral coordination between the United States, Japan and the Republic of Korea on DPRK cyber threats. The State Department linked the discussion to cryptocurrency theft, IT worker schemes, sanctions enforcement and efforts to deny revenue for sanctioned weapons activity.
The release did not announce new enforcement actions, but it placed government coordination and private-sector expertise inside the same response framework.
Sources: U.S. Department of State, U.S. Department of Justice, U.S. Department of the Treasury.
Prepared by Ivan Alexander Golden, Founder of THX News, an independent news organization delivering timely insights from global official sources.
Research combines AI-assisted analysis with human-edited accuracy and context.
