While the DPRK case itself may be unique, as a CNO framework it could serve as model and even driver for future state CNO programs in similar regime-driven countries seeking similar high-payoff objectives with limited resources. This talk will first look at how CHOLLIMA adversaries as an operational enterprise shifted and evolved following milestones such as the SONY and KHNP public retribution and resulting economic sanctions in early 2015, as well as the major reorganization of the DPRK State Affairs Commission in 2016. With these interrelated trajectories in mind, I will then address how this adversary set has been able to blend espionage, destructive, and criminal components into operations to support key regime goals (e.g., economic espionage, dissident and defector tracking, and currency generation) as well as self-sustainability. While these tactics are reflective of the DPRK’s beliefs around cyber representing an “all-purpose sword”, effective allocations of limited resources, limited skillsets and government directives have facilitated this evolution.