Article Details
Scrape Timestamp (UTC): 2025-07-09 18:10:26.015
Source: https://www.theregister.com/2025/07/09/us_sanctions_north_korean_it/
Original Article Text
US sanctions alleged North Korean IT sweatshop leader.

Turns out outsourcing coders to bankroll Kim’s nukes doesn’t jibe with Uncle Sam.

The US Treasury has imposed sanctions on 38-year-old Song Kum Hyok, a North Korean accused of attempting to hack the Treasury Department and posing as an IT worker to collect revenue and secret data for Pyongyang.

According to the feds, Song is also a member of Andariel (aka APT45, Onyx Sleet, and Silent Chollima), which the US sanctioned in 2019 along with fellow DPRK-sponsored cyber crews Lazarus Group and Bluenoroff — not that the sanctions have stopped the criminals from pilfering virtual wallets to pad Kim Jong Un's coffers.

The US says Andariel, the cyber-arm of North Korea's military intelligence agency, and its members infected US hospitals with ransomware, laundered the proceeds, and then used them to fund digital intrusions into defense, technology, and government entities worldwide.

Plus, according to Uncle Sam, Song played a key role in the fake IT worker scheme, hiring foreign techies to seek remote employment with US-based companies and then splitting the income with them while sending a portion back to North Korea to fund its weapons program and other illicit activities.

Between 2022 and 2023, Song allegedly used stolen identities belonging to US residents to create aliases for the foreign workers, who then used these names, Social Security numbers, and addresses to apply for jobs with American companies.

"Treasury remains committed to using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks," Deputy Secretary of the Treasury Michael Faulkender said in a canned statement.

In addition to Song, the Treasury Department on Tuesday also sanctioned a Russian national, Gayk Asatryan, who is accused of using his Russia-based companies to employ North Korean IT workers.

Asatryan, in mid-2024, allegedly inked two deals with North Korean companies, Korea Songkwang Trading General Corporation and Korea Saenal Trading Corporation, to send up to 80 IT workers to Russia to work for his companies, Asatryan and Fortuna. These four Russian and North Korean firms have also been added to the Specially Designated Nationals list.

The sanctions are part of the US government's ongoing efforts to quash North Korean IT worker scams, which have become a major hiring and security issue at almost every Fortune 500 company.

Last week, the US Department of Justice said it disrupted multiple North Korean fake IT worker scams at more than 100 US companies. These staffers were using fake or stolen identities while earning salaries and stealing sensitive IP for Pyongyang. In one worker's case, this totaled about $740,000 in ill-gotten gains.
Daily Brief Summary
The U.S. Treasury Department has imposed sanctions on Song Kum Hyok, a North Korean, for cybercrimes including attempts to hack the U.S. Treasury.
Song Kum Hyok is linked to Andariel, a group engaged in ransomware attacks on U.S. hospitals, money laundering, and funding cyber intrusions globally.
Andariel, identified as part of North Korea's military intelligence cyber arm, has previously been sanctioned but continues illicit activities including digital asset theft and impersonation.
The sanctioned operations involve a scheme where foreign IT workers are hired under stolen U.S. identities to infiltrate American companies, splitting income with the North Korean regime.
These activities fund North Korea's weapons programs and were part of efforts to circumvent sanctions.
A Russian national, Gayk Asatryan, and his companies were also sanctioned for employing North Korean IT workers, further supporting Pyongyang's illicit operations.
The U.S. continues to address security concerns posed by North Korean IT workers who are involved in large-scale scams affecting major companies worldwide, including theft of intellectual property.