The United States has announced sanctions targeting Song Kum Hyok, a North Korean cyber actor linked to the hacking group Andariel. Song is accused of engaging in malicious cyber activities, including an illicit IT worker scheme and an attempted hack on the U.S. Department of the Treasury. Sanctions are also being imposed on Russia-based facilitator Gayk Asatryan and four entities—two Russian and two North Korean—that have been involved in deploying IT workers internationally to generate revenue for North Korea.
North Korea reportedly deploys IT workers who conceal their identities, often using identity theft involving U.S. citizens, to fraudulently secure employment at foreign companies unaware of their true affiliations. The revenue generated by these workers is allegedly used by the North Korean regime to support its weapons of mass destruction and ballistic missile programs.
These sanctions are part of broader efforts by the U.S. government to counteract North Korean cyber espionage and revenue generation activities. "We will continue to take action against malicious cyber actors who attempt to undermine U.S. national security or the U.S. financial sector," stated a representative from the government.
The U.S. Department of State’s Rewards for Justice program (RFJ) is offering rewards for information that could lead to identifying or locating individuals engaged in malicious cyber activities against U.S. critical infrastructure, as well as disrupting financial mechanisms supporting North Korea's exportation of workers for revenue generation.
The actions taken by the Department of the Treasury are based on Executive Orders 13694, 13722, and 13810. For further details, interested parties can refer to releases from the Treasury, State Department’s RFJ website, Department of Justice, and Cybersecurity and Infrastructure Security Agency.
