US Treasury Sanctions North Korea for IT Worker Malware Plot

Summary
– The U.S. Treasury sanctioned North Korean cyber operative Song Kum Hyok for using fake identities to infiltrate U.S. companies and fund Pyongyang’s weapons programs.
– Song facilitated overseas IT workers with falsified documents to secure remote jobs, funneling earnings back to North Korea for military development.
– Stolen personal data, including Social Security numbers, was used to create fake aliases for operatives between 2022 and 2023.
– Five additional entities tied to the operation were blacklisted, freezing U.S. assets and banning American businesses from engaging with them.
– The crackdown aims to disrupt North Korea’s cybercrime revenue streams financing weapons programs, following recent raids on IT worker networks.
The U.S. Treasury has sanctioned a North Korean cyber operative at the center of a covert scheme that used fake identities to sneak operatives into American companies and quietly funnel wages back to Pyongyang’s weapons programs. The target, Song Kum Hyok, is identified as a key figure in Andariel, a hacking group notorious for ransomware attacks and crypto thefts that help bankroll North Korea’s military ambitions.
According to investigators, Song supplied falsified U.S. documents to overseas IT workers, mainly based in China and Russia, letting them land remote jobs with unsuspecting U.S. employers. A slice of each paycheck reportedly flowed back to fund weapons of mass destruction and ballistic missile development. Some workers did more than collect salaries: they quietly planted malware on corporate networks, opening doors for future hacks.
Between 2022 and 2023, Song’s network used stolen Social Security numbers and addresses to craft credible aliases. The Treasury’s Office of Foreign Assets Control (OFAC) also blacklisted five additional entities, including Gayk Asatryan, a Russian national who hired North Korean IT staff through his companies.
Under the sanctions, all U.S.-based assets belonging to these parties are frozen, and American businesses are barred from any dealings. Foreign banks that continue to do business with the blacklisted network could face penalties too.
This crackdown ties into a wider Justice Department push to dismantle North Korea’s IT worker schemes. Earlier this month, federal agents raided 29 so-called “laptop farms”, U.S. locations where company-issued laptops were hosted so that the overseas operatives could log in remotely and appear to be working from inside the country. Those raids led to arrests, indictments, and the seizure of websites and financial channels used to hide the money trail.
By blocking these cybercrime cash streams, Washington aims to squeeze Pyongyang’s ability to keep building its banned weapons. The sanctions highlight how state-backed hacking groups increasingly exploit global hiring systems to launder money and fuel prohibited military projects.
(Source: BLEEPINGCOMPUTER)