The Korean KCTI presentation explains how analysts can use OSINT to move beyond lists of Gmail addresses associated with DPRK IT workers and infer who controls or actively uses them. The speaker describes classifying roughly 320 Gmail accounts from a larger IOC set by role, including direct IT worker control, persona accounts, development accounts, interview-cover personas, and mirror-development accounts. The method pivots from a Gmail address to Google's GAIA ID, then checks exposed Google profile, Maps, Calendar, and legacy Google Plus artifacts, with last-updated timestamps used to distinguish abandoned accounts from active ones. The talk also places the Gmail analysis in the broader DPRK IT worker ecosystem of laptop farms, fake companies, LinkedIn and GitHub personas, AI-assisted interviews, and identity obfuscation.