The US Treasury has taken direct aim at North Korea’s shadowy cyber operations, sanctioning a key operative behind a global scheme that embeds Pyongyang-linked IT workers in foreign companies, many linked to cryptocurrency theft and money laundering.
(Source: Treasury Department on X)
In a harshly worded announcement, the Treasury’s Office of Foreign Assets Control (OFAC) named Song Kum Hyok, a North Korean national linked to the Andariel hacking group. He is a central figure in a sprawling fraud that funnels illegal revenue to Kim Jong Un’s banned weapons programs.
Deputy Secretary of the Treasury Michael Faulkender said, “Today’s action underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs. Treasury remains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.”
The Scheme: Fake Identities, Real Theft
According to the Treasury, Song’s operation placed North Korean tech workers, often posing as Americans or other nationals, in unsuspecting firms across the US, China, and Russia. Their roles ranged from software development to cryptocurrency projects.
Officials stated that these North Korean IT workers allegedly infiltrated company systems to plant malware. They also helped cybercriminals steal digital assets through hacking and launder these illegal funds via crypto exchanges.
One brazen 2022-2023 plot saw Song forge US social security numbers and addresses to help operatives pose as remote workers for American firms.
North Korea’s Lazarus Group Links and Russia’s Connection
These sanctions follow longstanding concerns about North Korea’s Lazarus Group, a cybercrime unit responsible for billion-dollar crypto heists, including the 2022 Axie Infinity hack. OFAC notes that Pyongyang’s IT workforce, thousands strong, generates “significant revenue” for weapons development.
At the same time, OFAC sanctioned Russian national Gayk Asatryan and four entities for hiring North Korean workers under 10-year contracts. One deal, with Pyongyang’s Saenal Trading Corporation, planned to dispatch 50 workers to Russia, a clear violation of sanctions.
The sanctions immediately freeze all US-linked assets belonging to Song Kum Hyok, Gayk Asatryan, and their operations, while also penalizing any banks or businesses that continue transactions with them.
“The DPRK generates significant revenue through the deployment of IT workers who fraudulently gain employment with companies around the world, including in the technology and virtual currency industries. The DPRK maintains a workforce of thousands of highly skilled IT workers globally, primarily located in the People’s Republic of China and Russia, who generate significant revenue that contributes to its WMD and ballistic missile programs,” stated the official blog post.