North Korea has established a shadowy sprawling global IT network that uses front companies to sell encryption technologies and software for fingerprint scanning or facial recognition, a startling new report has revealed.

The sale of high tech products appears to be aimed principally at generating foreign revenue to evade punitive sanctions imposed over the rogue regime’s nuclear programme, but the sensitive nature of the technology also raises worrying questions over its security implications.

The report from the James Martin Centre for Nonproliferation Studies in California details how North Korean firms have mastered the art of disguise, using foreign facilitators and opaque offshore jurisdictions to appear Chinese, Southeast Asian, or Russian to dupe unwitting clients.

“Once you start to take a look at North Korea’s IT networks you very quickly realise that the things you’re finding are very probably just the tip of the iceberg,” said Andrea Berger, one of the authors and a senior research associate at the Middlebury Institute of International Studies at Monterey.

According to Ms Berger, North Korea-linked IT firms are offering comprehensive IT packages for companies and developing apps or websites for customers ranging from small firms in Europe to a US primary school.