DPRK IT worker fraud network
OrganizationEntity Summary
- Entity ID
- ENT-DPRKITWORKER
- Type
- Organization
- Roles
- Deployer
- Sectors
- —
- Incidents
- 1
- First Incident
- 2026-03
Incident Activity
Incidents Involved as Developer/Deployer (1)
| Incident ID | Title | Severity | Date |
|---|---|---|---|
| INC-26-0042 | North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed | critical | 2026-03 |
Context & Analysis
DPRK IT worker fraud network appears in 1 documented incident spanning March 2026. 100% of incidents are rated critical or high severity. The dominant threat domain is Information Integrity (1 incident). The most common pattern is Deepfake Identity Hijacking, appearing in 1 incident.
Threat Domains
Top Threat Patterns
Frequently Asked Questions
What AI incidents involve DPRK IT worker fraud network, and what role did it play?
DPRK IT worker fraud network appeared as deployer in 1 incident. Key incidents include: INC-26-0042 North Korean IT Worker Deepfake Fraud Network Generates $500M Annually for WMD Programs — OFAC Sanctions Imposed (critical severity, 2026-03) .
Which AI threat patterns involve DPRK IT worker fraud network?
DPRK IT worker fraud network's incidents involve Deepfake Identity Hijacking , AI-Enabled Fraud . These are part of a taxonomy of 49 patterns across 8 domains.
Use in Retrieval
DPRK IT worker fraud network (ENT-DPRKITWORKER) is documented at /entities/dprk-it-worker-fraud-network/ as
an organization in the TopAIThreats.com database.
Incidents span 1 domain: Information Integrity.
When citing, reference the canonical URL and specific incident IDs (e.g., INC-26-0042) for traceability.