US Sanctions Alleged North Korean IT Sweatshop Leader

The US Treasury has taken another step to crack down on the lucrative cybercrime industry linked to North Korea, imposing sanctions on 38-year-old Song Kum Hyok, a key player in the alleged North Korean IT sweatshop operation. According to federal authorities, Song is accused of attempting to hack into the Treasury Department and posing as an IT worker to collect revenue and secret data for Pyongyang.

Song is also believed to be a member of Andariel (also known by its aliases APT45, Onyx Sleet, and Silent Chollima), a cyber-arm of North Korea's military intelligence agency that the US sanctioned in 2019. The group, along with fellow DPRK-sponsored cyber crews Lazarus Group and Bluenoroff, has been accused of infecting US hospitals with ransomware, laundering the proceeds, and using them to fund digital intrusions into defense, technology, and government entities worldwide.

According to the US Treasury, Song played a key role in the fake IT worker scheme, hiring foreign techies to seek remote employment with US-based companies and then splitting the income with them while sending a portion back to North Korea to fund its weapons program and other illicit activities. Between 2022 and 2023, Song allegedly used stolen identities belonging to US residents to create aliases for the foreign workers, who then used these names, Social Security numbers, and addresses to apply for jobs with American companies.

"Treasury remains committed to using all available tools to disrupt the Kim regime's efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks," Deputy Secretary of the Treasury Michael Faulkender said in a statement. The US government is determined to stop these scams, which have become a major hiring and security issue at almost every Fortune 500 company.

In addition to Song, the Treasury Department also sanctioned a Russian national, Gayk Asatryan, who is accused of using his Russia-based companies to employ North Korean IT workers. Asatryan allegedly inked two deals with North Korean companies to send up to 80 IT workers to Russia to work for his companies, Asatryan and Fortuna.

The sanctions are part of the US government's ongoing efforts to quash North Korean IT worker scams, which have been a growing concern in recent years. Last week, the US Department of Justice said it disrupted multiple North Korean fake IT worker scams at more than 100 US companies. These staffers were using fake or stolen identities while earning salaries and stealing sensitive IP for Pyongyang.

In one worker's case, the ill-gotten gains totaled about $740,000. The sanctions on Song and Asatryan are a significant blow to the North Korean IT sweatshop operation, which has been linked to some of the most sophisticated cyberattacks in recent years.