DPRK state-affiliated IT worker fraud network

Threat Actor

Entity Summary

Entity ID: ENT-DPRKSTATEAFF
Type: Threat Actor

Roles: Threat Actor
Sectors: —
Incidents: 1

First Incident: 2026-03

Incident Activity

Incidents as Threat Actor (1)

Incident ID	Title	Description	Severity	Date
INC-26-0042	North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed	Over 6,500 cases of deepfake-assisted fake identity remote job applications were documented as part of a North Korean…	critical	2026-03

Context & Analysis

DPRK state-affiliated IT worker fraud network appears in 1 documented incident spanning March 2026. 100% of incidents are rated critical or high severity. The dominant threat domain is Information Integrity (1 incident). The most common pattern is Deepfake Identity Hijacking, appearing in 1 incident.

Threat Domains

Information Integrity (1)

Top Threat Patterns

Deepfake Identity Hijacking (1) AI-Enabled Fraud (1)

Frequently Asked Questions

What AI incidents involve DPRK state-affiliated IT worker fraud network, and what role did it play?

DPRK state-affiliated IT worker fraud network appeared as threat actor in 1 incident. Key incidents include: INC-26-0042 North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed (critical severity, 2026-03) .

Which AI threat patterns involve DPRK state-affiliated IT worker fraud network?

DPRK state-affiliated IT worker fraud network's incidents involve Deepfake Identity Hijacking , AI-Enabled Fraud . These are part of a taxonomy of 49 patterns across 8 domains.

Use in Retrieval

DPRK state-affiliated IT worker fraud network (ENT-DPRKSTATEAFF) is documented at /entities/dprk-state-affiliated-it-worker-fraud-network/ as a threat actor in the TopAIThreats.com database.

Incidents span 1 domain: Information Integrity.

When citing, reference the canonical URL and specific incident IDs (e.g., INC-26-0042) for traceability.