North Korean IT-worker operators used stolen identities from Bosnia and Serbia to create freelance profiles on platforms such as Guru and GoLance, seeking work with Western companies while hiding their true origin. The activity is tied in an MSMT sanctions report to employees of Korea Mangyongdae Computer Technology Corporation, including An Chol Hun and Ri Kwang Hun, and to North Korean revenue generation that helps fund state priorities including weapons development. The report highlights European expansion of the scheme, use of real IT professionals’ photos and emails, laptop facilitators, and payments through cryptocurrency, TransferWise, and Payoneer. MSMT also identified Guanghe Technology Development LLC as a U.S.-registered shell company used by North Korean IT workers in China to contract with an unnamed Serbian company.