U.S. Treasury Sanctions North Korean IT Operatives in Global Crypto Fraud and Laundering Crackdown

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on a North Korean cybersecurity specialist, Song Kum Hyok, for his alleged involvement in international crypto-related fraud, identity theft, and illicit money laundering networks designed to generate revenue for the North Korean regime. The action, announced on July 8, targets Song’s links to the North Korean hacking group Andariel, as well as a Russian national and four associated companies.

This latest crackdown highlights how North Korea has been leveraging remote IT contracting as a covert method to evade international sanctions and fund its weapons programs.

A Pattern of Cybercrime: North Korea’s Hacker Ecosystem Under Scrutiny

The U.N. Security Council first sanctioned North Korea’s military intelligence bureau, the Reconnaissance General Bureau (RGB), in 2016. The U.S. later followed up with sanctions on Lazarus Group, Bluenoroff, and Andariel — three well-known state-sponsored hacking groups under RGB — for their roles in numerous crypto heists and cyberattacks.

In 2023, the U.S. expanded its sanctions to include North Korea’s Technical Reconnaissance Bureau and its “Bureau 110” cyber warfare unit, responsible for developing and deploying malware targeting global entities.


Hiding in Plain Sight: Freelance Platforms and Fake Identities

According to OFAC, North Korea has increasingly relied on shadow IT workers posing as foreign freelancers. These individuals are stationed in countries like China and Russia, using fake documents and stolen identities to secure contracts from companies in high-income countries.

They often work through well-known freelance platforms, crypto exchanges, and social media networks to secure gigs, receive payments, and launder money back into North Korea. Many of their projects span mobile and web applications in finance, health, fitness, gaming, and social networking — with a strong presence in crypto-related development.


U.S. Identities Stolen to Access Remote Work

Song Kum Hyok, the primary individual sanctioned, is accused of orchestrating the use of stolen American identities to help North Korean workers pose as U.S. citizens. Between 2022 and 2023, Song allegedly helped set up fake profiles and accounts, allowing North Korean operatives to secure remote jobs with U.S. companies and gain access to sensitive information.

OFAC said Song’s activities pose a direct threat to U.S. national security, citing violations of executive orders and laws prohibiting the misuse of trade secrets and financial data.


Russian Support for North Korean Labor

Also sanctioned is Russian national Gayk Asatryan, who allegedly signed labor contracts with two North Korean state-run entities. His companies — Asatryan LLC and Fortuna LLC — reportedly planned to import at least 80 North Korean IT workers into Russia for offshore software work, generating foreign currency for Pyongyang in violation of U.S. sanctions.

The North Korean entities involved — Songgang Trading Corporation and Sinil Trading Corporation — have also been added to the U.S. sanctions list.


Full Asset Freezes and Severe Penalties for Non-Compliance

All individuals and companies named in the sanctions will have their U.S.-based assets frozen. American citizens and businesses are strictly prohibited from engaging in transactions with them. OFAC warns that even unintentional violations of these sanctions could result in civil or criminal penalties, and urges any U.S. entities with exposure to these parties to report immediately.

