The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on Song Kum Hyok, a cyber actor linked to North Korea's Reconnaissance General Bureau (RGB) hacking group Andariel. Song was involved in an information technology worker scheme that recruited individuals, often North Korean nationals working from countries like China and Russia, to obtain employment using falsified identities. These workers generated revenue for the North Korean regime and sometimes introduced malware into company networks.
Deputy Secretary of the Treasury Michael Faulkender stated, "Today’s action underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs." He emphasized that the Treasury is committed to disrupting these efforts through various tools.
The sanctions are part of a broader effort by the U.S. government to counter North Korea's attempts to advance its strategic goals via cyber espionage and revenue generation. The United Nations Security Council adopted Resolution 2270 in March 2016, designating RGB for supporting unlawful weapons development by the Kim regime. OFAC has previously designated other DPRK-sponsored cyber groups such as Lazarus Group, Bluenoroff, and Andariel.
North Korea generates significant revenue through IT workers who fraudulently gain employment worldwide, including in technology and virtual currency industries. These workers use false personas and forged documentation to apply for jobs at companies in wealthier countries. They also manage funds through virtual currency exchanges and trading platforms.
Song is identified as a key facilitator for this overseas IT workforce, using foreign-hired IT workers to seek remote employment with U.S. companies while planning income splits with them. In 2022 and 2023, Song used information from U.S. persons to create aliases for foreign workers posing as Americans seeking remote jobs.
Additionally, Gayk Asatryan, a Russian national, has been sanctioned for employing North Korean IT workers through his Russia-based companies under contracts with DPRK entities like KoreaSongkwang Trading General Corporation and Korea Saenal Trading Corporation.
As a result of these actions, all property related to designated or blocked persons within the United States or controlled by U.S. persons is blocked and must be reported to OFAC. Transactions involving blocked persons are generally prohibited unless authorized by OFAC.
Violations may lead to civil or criminal penalties on both U.S. and foreign entities involved in transactions with designated individuals or entities.
OFAC emphasizes that sanctions aim not only at punishment but also at encouraging positive behavioral changes among targeted parties.
