U.S. Sanctions North Korean Member of Kim Jong Un's Spy Agency
The U.S. Treasury Department has taken decisive action against a notorious North Korean cyber operative, levying sanctions against Song Kum Hyok, a member of Kim Jong Un's military intelligence agency, also known as the "Reconnaissance General Bureau." The move is part of the government's efforts to disrupt the Kim regime's attempts to circumvent sanctions through digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.
Song Kum Hyok has been accused of facilitating an IT worker scheme, recruiting North Korean cyber operatives to pose as American remote workers for hire at unwitting companies worldwide. This sprawling scheme allowed North Koreans operating in China and Russia to collect paychecks, with the proceeds ultimately funneling to Kim's nuclear missile program.
In some cases, North Korean IT workers have gone as far as to plant malware into company networks, demonstrating the extent of the regime's cyber espionage capabilities. According to the Treasury Department, Song Kum Hyok began choreographing the moneymaking plot in 2022, stealing personal information from U.S. citizens – including names, Social Security numbers, and addresses – to create aliases for the hired foreign workers disguised as American job applicants.
The moneymaking scheme is worth hundreds of millions, according to FBI senior officials, with thousands of highly skilled workers employed by North Korea in China and Russia. These workers are primarily used to channel funds to Kim Jong Un's weapons of mass destruction and ballistic missile programs.
Cracking Down on Kim Jong Un's Cyber Espionage Campaign
The Treasury Department's Office of Foreign Assets Control (OFAC) is also sanctioning four entities that were found to be funneling money to North Korea as part of a Russia-based IT worker scheme. The sanctions target the "Asatryan IT Worker Network," which was founded by Gayk Asatryan, who signed a 10-year contract with the North Korean regime in 2024.
According to the department, Asatryan agreed to dispatch as many as 30 North Korean IT workers to work in Russia for his company, part of a broad money-making scheme. The government's efforts to undercut North Korea's "unlawful weapons development" stem from a March 2016 United Nations Security Council Resolution.
The Scope of the Scheme
North Korean cyber operatives engaged in IT worker schemes routinely hide their locations and use proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs at employers in wealthier countries. Applications and software developed by North Korean IT workers span popular industry sectors like business, health and fitness, social networking, sports, entertainment, and lifestyle.
The North Korean cyber operatives often take on projects involving virtual currency exchanges, enabling them to more easily launder money back to the regime, undetected. The Treasury Department warns that these schemes pose a significant threat to national security and the economy.
A Growing Concern for National Security
The U.S. government's efforts to disrupt North Korea's cyber espionage campaign are part of a broader effort to protect national security and prevent the spread of malicious cyber-attacks. As CBS News has reported, North Korea deploys IT workers worldwide to fraudulently seek jobs with top companies, allowing North Korean cyber operatives to take home a hefty paycheck that is ultimately funneled to the regime.
As part of its crackdown on Kim Jong Un's growing cyber espionage campaign and attempted impersonation of American workers, the Treasury Department is using all available tools to disrupt the Kim regime's efforts to circumvent sanctions. The government's goal is to use these tools to protect Americans from malicious cyber-attacks and prevent the spread of malware.
A Message from the Treasury Deputy Secretary
"Today's action underscores the importance of vigilance on the DPRK's continued efforts to clandestinely fund its WMD and ballistic missile programs," said Treasury Deputy Secretary Michael Faulkender in a statement to CBS News. "Reaffirming our goal of using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks."
A Call to Action
The U.S. government is urging citizens to remain vigilant in the face of these ongoing threats. With the increasing sophistication of North Korean cyber operatives, it is essential for individuals and businesses to take proactive steps to protect themselves from malicious cyber-attacks.