Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on individuals and entities involved in a scheme to generate revenue for the Democratic People's Republic of Korea (DPRK) regime through the exploitation of IT workers.
Facilitating Cybercrime and Evasion
Song Kum Hyok, also known as Song, is a malicious cyber actor associated with the sanctioned RGB hacking group Andariel. He facilitated an information technology worker scheme in which individuals, often DPRK nationals working from countries such as China and Russia, were recruited and provided with falsified identities and nationalities to obtain employment at unwitting companies.
Song used U.S. persons' information, including names, social security numbers, and addresses, to create aliases for the hired foreign workers. The workers then used the accounts to pose as U.S. persons looking for remote jobs with U.S. companies.
Russia-Based Scheme
Gayk Asatryan, a Russian national, has been designated by OFAC for his role in employing North Korean IT workers through his Russia-based companies.
In mid-2024, Asatryan signed a 10-year contract with a DPRK company to dispatch up to 30 DPRK IT workers to work in Russia for his company, Asatryan Limited Liability Company. He also signed a contract with another DPRK company to dispatch 50 DPRK IT workers to Russia.
Blocking Assets and Prohibiting Transactions
The U.S. government has blocked the assets and interests of the designated individuals and entities in the United States or in the possession or control of U.S. persons.
Unless authorized by a general or specific license issued by OFAC, all transactions involving property or interests in property of blocked persons are prohibited. Violations of U.S. sanctions may result in civil or criminal penalties on U.S. and foreign persons.
Objectives and Significance
The U.S. government's objective is to counter the DPRK's efforts to advance its strategic goals through cyber espionage and revenue generation.
Deputy Secretary of the Treasury Michael Faulkender stated, "Today's action underscores the importance of vigilance on the DPRK's continued efforts to clandestinely fund its WMD and ballistic missile programs." He added that Treasury remains committed to using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.
UNSC Resolution 2270
The United Nations Security Council (UNSC) adopted Resolution 2270 on March 2, 2016, designating the RGB for its role supporting the Kim regime's unlawful weapons development. Today's action reaffirms that relevant UNSC resolutions remain in full force.
Previous Designations
OFAC has designated several individuals and entities in the past, including the Lazarus Group, Bluenoroff, Andariel, Technical Reconnaissance Bureau, and 110th Research Center. These designations are part of the U.S. government's efforts to counter the DPRK's cyber threats.
Revenue Generation
The DPRK generates significant revenue through the deployment of IT workers who fraudulently gain employment with companies around the world, including in the technology and virtual currency industries.
These workers are instructed to deliberately obfuscate their identities, locations, and nationalities, typically using false personas, proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs at these companies. They target employers located in wealthier countries, utilizing a variety of mainstream and industry-specific freelance contracting, payment, and social media and networking platforms.
Impact
The imposition of sanctions on DPRK IT workers generating revenue for the Kim regime has significant implications for the global community.
It highlights the need for vigilance in detecting and disrupting cyber threats from North Korea and underscores the importance of cooperation between countries to counter these threats.