US Treasury sanctions Song Kum Hyok for facilitating North Korean IT worker schemes

The US Treasury’s Office of Foreign Assets Control sanctioned North Korean cyber actor Song Kum Hyok.

Song enabled strategies for IT workers to obtain jobs at firms by utilizing fictitious identities. Furthermore, OFAC sanctioned one person and four companies engaged in Russian scams. The DPRK’s military projects and financial operations are the targets of the actions.

Song Kum Hyok targeted for facilitating fraudulent employment schemes

Song Kum Hyok is a DPRK cyber actor who is associated with the sanctioned Andariel hacking group. The actor oversaw information technology employee cons that recruited DPRK nationals in Russia and China. Song provided the workers with false identities and nationalities to work for firms.

The program took advantage of innocent businesses to make money for the DPRK government by fraudulent means. DPRK IT personnel occasionally infected business networks with malware for later exploitation. The personnel actively concealed their names, locations, and nationalities by using pseudonyms and supporting documents.

In 2022 and 2023, Song used US persons’ information including names and social security numbers. The cyber actor created aliases for hired foreign workers using stolen personal data. Workers then used these accounts to pose as US persons seeking remote employment.

Song planned to split income generated from these fraudulent employment arrangements with the workers. The scheme targeted employers in wealthier countries through mainstream freelance contracting and payment platforms. Applications developed by DPRK IT workers spanned business, health, fitness, social networking, and entertainment sectors.

As per the press release details, DPRK maintains thousands of highly skilled IT workers globally, primarily located in China and Russia. These workers generate revenue that contributes to the regime’s weapons of mass destruction programs. The workers often take projects involving virtual currency and use crypto exchanges for fund management.

Song faces designation under Executive Order 13694 for receiving funds through cyber-enabled means. The designation targets commercial advantage and private financial gain from misappropriated information and resources.

Russian network contracts North Korean IT workers directly

Gayk Asatryan is a Russian citizen who contracts North Korean IT personnel through Russian-based businesses. Asatryan and Korea Songkwang Trading General Corporation inked a 10-year agreement in the middle of 2024. The agreement allows dispatch of up to 30 DPRK IT workers to Russia for Asatryan Limited Liability Company.

Asatryan also contracted with Korea Saenal Trading Corporation for additional worker deployment arrangements. According to the second deal, Fortuna Limited Liability Company would send 50 DPRK IT specialists to Russia. Both companies operate under Asatryan’s control to facilitate the worker placement schemes.

OFAC designated Asatryan under Executive Order 13722 for attempting to export workers from North Korea. The designation targets revenue generation for the Government of North Korea and Workers’ Party. Asatryan LLC and Fortuna LLC face sanctions for being owned or controlled by Asatryan.

Korea Songkwang Trading General Corporation received designation under Executive Order 13810 as North Korean persons. Korea Saenal Trading Corporation also faces sanctions for engaging in commercial activity generating regime revenue. Both DPRK companies facilitate the overseas deployment of IT workers through contractual arrangements.

The network operates across multiple jurisdictions to obscure the true nature of employment relationships. Russian companies provide legal frameworks for DPRK worker deployment while maintaining plausible deniability. The arrangement allows North Korean workers to access international markets through Russian business entities.

These contracts formalize what previously operated as informal worker placement schemes across international borders. The structured approach indicates increased sophistication in DPRK revenue generation efforts through legitimate business channels.

Treasury targets revenue streams for weapons development programs

The sanctions action is part of the US government efforts to counter DPRK strategic interests through cyber espionage. Deputy Secretary Michael Faulkender highlighted the importance of remaining vigilant against DPRK financing of weapons programs. US Treasury is dedicated to stopping attempts by the Kim dictatorship to use digital asset theft as a means of evading sanctions.

The Lazarus Group, Bluenoroff, and Andariel were previously sanctioned by OFAC on September 13, 2019. The DPRK state-sponsored cyber groups are under the Reconnaissance General Bureau planning virtual currency thefts. The groups had masterminded numerous high-value cryptocurrency heists to mitigate US and multilateral sanctions impacts.

The Technical Reconnaissance Bureau was sanctioned on May 23, 2023 for the development of offensive cyber capabilities. Its sub-unit cyber organization, the 110th Research Center, is also sanctioned for assisting DPRK activities. United Nations Security Council Resolution 2270 sanctioned the RGB in March 2016 for assistance in weapons development.

All property and interests of blocked persons held in US custody must be blocked. Entities controlled by 50% or more of the blacklisted individuals are likewise blocked. US citizens are required by law to notify OFAC of any banned property.

OFAC rules bar US persons from engaging in any transaction with blocked persons unless authorized properly. Offenses of sanctions by US persons can be criminal or civil in nature for foreign or domestic persons. Banks may face sanctions for transactions with listed persons.

The end objective is centered on the delivery of positive behavioral adjustment instead of punishment. OFAC is empowered to delist individuals from the Specially Designated Nationals List as necessary. Integrity in sanctions stems from designation and delisting power under existing legal frameworks.

KEY Difference Wire helps crypto brands break through and dominate headlines fast