OFAC sanctioned six individuals and two entities tied to a North Korean state-directed scheme that embeds fraudulent IT workers inside Western enterprises, using AI-generated personas, deepfake identity documents, and jailbroken LLMs to bypass pre-hire screening. Once placed, the actors pursue privilege escalation, credential harvesting, and data exfiltration to fund DPRK weapons programs; Salesforce environments are cited as a confirmed victim context. Any enterprise that hired remote IT contractors in the past 24 months faces active insider risk. The immediate priorities are to cross-reference contractor rosters against the OFAC SDN additions and to audit privileged remote contractor account activity for anomalous access patterns.