- The U.S. Treasury Department has sanctioned North Korean hacker Song Kum Hyok and four related entities
- The network has used disguised overseas IT freelancers to funnel money into Pyongyangs weapons programs
- Officials say the move freezes U.S. assets and reinforces existing U.N. sanctions against North Korea
The United States has imposed fresh sanctions on a North Korean hacker and several associated entities in a renewed effort to disrupt the regimes cyber operations. The Treasurys Office of Foreign Assets Control (OFAC) announced the designations on Tuesday, targeting individuals and firms that helped the DPRK covertly place its IT workers in global companies . Officials said these operatives have funneled millions of dollars into North Koreas weapons development programs while evading international scrutiny.
Sanctions Target Shadow Workforce
OFAC named Song Kum Hyok as a key operative linked to Andariel, a state-sponsored hacking unit within North Koreas intelligence apparatus. Song is accused of helping DPRK nationals pose as freelance IT workers using stolen or fake identities, with the aim of becoming embedded in companies around the world. These include the tech and crypto sectors, where the fake workers earned income that was secretly funneled back to the regime, with some planting malicious code to enable future cyberattacks.
The scheme involved more than just North Korean actors, with Russian national Gayk Asatryan and two of his Moscow-based companies also sanctioned, accused of facilitating long-term contracts to bring in up to 80 North Korean programmers. Two DPRK trading firms responsible for dispatching these laborers were similarly blacklisted. According to U.S. officials, these arrangements provided Pyongyang with a steady stream of hard currency while concealing the workers true identities behind forged documents and proxy accounts.
U.S. Warns of Expanding Cyber Threat
In a press release announcing the sanctions, Deputy Treasury Secretary Michael Faulkender warned that vigilance was the key to ensuring that the shadow workforce would not see further success:
Todays action underscores the importance of vigilance on the DPRKs continued efforts to clandestinely fund its WMD and ballistic missile programs. Treasury remains committed to using all available tools to disrupt the Kim regimes efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.
Under the sanctions, any U.S.-based assets tied to the individuals or entities have been frozen, and any businesses majority-owned by them are also automatically blocked. Treasury officials reminded financial institutions that violations can trigger strict liability civil penalties, but noted that removal from the sanctions list is possible if the designated parties change their behavior.
The move builds on prior designations of DPRK-linked groups like Lazarus and Bluenoroff and aims to strengthen enforcement of U.N. Security Council resolutions.
