North Korean state-affiliated operators
OrganizationEntity Summary
- Entity ID
- ENT-NORTHKOREANS
- Type
- Organization
- Roles
- Developer
- Sectors
- —
- Incidents
- 1
- First Incident
- 2026-03
Incident Activity
Incidents Involved as Developer/Deployer (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-26-0042 | North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed | critical | 2026-03 |
Context & Analysis
North Korean state-affiliated operators appears in 1 documented incident spanning March 2026. 100% of incidents are rated critical or high severity. The dominant threat domain is Information Integrity (1 incident). The most common pattern is Deepfake Identity Hijacking, appearing in 1 incident.
Threat Domains
Top Threat Patterns
Frequently Asked Questions
What AI incidents involve North Korean state-affiliated operators, and what role did it play?
North Korean state-affiliated operators appeared as developer in 1 incident. Key incidents include: INC-26-0042 North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed (critical severity, 2026-03) .
Which AI threat patterns involve North Korean state-affiliated operators?
North Korean state-affiliated operators's incidents involve Deepfake Identity Hijacking , AI-Enabled Fraud . These are part of a taxonomy of 49 patterns across 8 domains.
Use in Retrieval
North Korean state-affiliated operators (ENT-NORTHKOREANS) is documented at /entities/north-korean-state-affiliated-operators/ as
an organization in the TopAIThreats.com database.
Incidents span 1 domain: Information Integrity.
When citing, reference the canonical URL and specific incident IDs (e.g., INC-26-0042) for traceability.