-
<US Department of Treasury> 2025-7-24, Treasury Sanctions Clandestine IT Worker Network Funding the DPRK’s Weapons Programs.
<US Justice Department> 2025-1-23, Two North Korean Nationals and Three Facilitators Indicted for Multi-Year Fraudulent Remote Information Technology Worker Scheme that Generated Revenue for the Democratic People’s Republic of Korea (IT Worker)
<US Justice Department> 2024-12-12, Fourteen North Korean Nationals Indicted for Carrying Out Multi-Year Fraudulent Information Technology Worker Scheme and Related Extortions (IT Worker)
<UK, Office of Financial Sanctions Implementation> 2024-9-12, Advisory on North Korean IT Workers.
<38 North> 2024-8-21, North Korea’s International Network for Artificial Intelligence Research.
<US Justice Department> 2024-8-8, Justice Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges and Arrest of Nashville Facilitator (IT Worker)
<KnowBe4 (cyber security company)> 2024-06-23, How a North Korean Fake IT Worker Tried to Infiltrate Us.
-
<U.S. Departments of State and Treasury, and the Federal Bureau of Investigation> 2022-5-16, GUIDANCE ON THE DEMOCRATIC PEOPLE’S REPUBLIC OF KOREA INFORMATION TECHNOLOGY WORKERS.
-
<UN Security Council Arri-formula> 2025-1-14, Security Council Arria-formula on "Commercial Spyware and the Maintenance of International Peace and Security".
August 3, 2025
Part of DPRK’s Hard Currency Network
While the US has imposed sanctions on DPRK’s activities in Southeast Asia, the UN Security Council DPRK Panel of Experts (POE) report—covering the newly sanctioned individuals Kim Se Un and Sobaeksu—offers key new information. DPRK Monitor shares additional context below.
DPRK individuals operate or control multiple registered entities in various countries and engage in several distinct areas—including IT, trading, finance, and, in some cases, money laundering, military logistics, or procurement. These individuals often obtain passports from host countries or assume foreign identities to travel across multiple jurisdictions—thereby enhancing both their mobility and concealment.
Kim Se Un
김 세 운
Date of Birth: 25 March 1978
Passport: Passport 390120007 (DPRK) issued 09 Jan 2020 expires 09 Jan 2025 (individual)
Source: US Department of State.According to the US State Department, Kim Se Un was involved in a scheme from April 2021 to June 2023 to smuggle tobacco into DPRK and pay in US dollars, violating US sanctions. The operation used false shipping records and bulk cash to evade restrictions.
In the past, Kim Se Un also registered company in Cambodia. According to the POE report (S/2023/171, paras.155-157), Kim was the director of the Cambodia-based company U.J Import Export Co., Ltd (struck off by Cambodian authorities in December 2019, Figure 1).
Moreover, the POE reported Kim cooperated with Ri Chol Nam (리철남) (Figure 2,3), who was involved in money laundering, brokering sales of weapons, diamonds, and gold, and other illicit financial activities linked to the DPRK. Ri also engaged in potential sales of military-related equipment, including bulletproof vests acquired from third countries for resale.
(DPRK Monitor will update Kim Se Un’s network!)
Figure 1
Source: Cambodian corporate registry (Edited by DPRK Monitor).Figure 2
Source: DPRK Monitor.Figure 3
Source: DPRK POE S/2023/171, annex 85.More about Sobaeksu (Coming soon!)
Use of AI by DPRK
DPRK IT workers may use AI-generated fake ID during job interviews. A report by cyber security company also indicate their use of real-time deepfake technology. The most effective detection method is passing a hand over the face, which disrupts facial landmark tracking. Other recommended techniques include:
Rapid head movements
Exaggerated facial expressions
Sudden lighting changes
Companies are advised to adopt layered detection strategies in coordination with their information security teams. Below is an example of DPRK tactics.
Source: KnowBe4. “The picture (right) is an AI-enhanced version of the person who we interviewed during the hiring process, where the applicant’s face was added over a completely different unrelated person’s “stock photography” picture (left) so they looked more professional with glasses and wearing formal work attire.”
Source: KnowBe4, “North Korean Fake Employees Are Everywhere! How to Protect Your Organization” (Annotated by DPRK Monitor)