US sanctions North Korean cyber actor for orchestrating IT Worker scheme abroad

The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned a senior official within North Korea’s Reconnaissance General Bureau (RGB) for orchestrating an elaborate scheme involving North Korean IT workers operating under stolen American identities in China and Russia.

The sanctions target Song Kum Hyok, a cyber actor affiliated with North Korea’s Andariel hacking group. According to OFAC, Song created fake American identities using stolen names, Social Security numbers, and addresses for North Korean tech workers who then posed as US citizens to secure remote jobs at American companies during 2022 and 2023.

The sanctions also targeted Gayk Asatryan, a Russian national, and four of his Russia-based companies. OFAC accused Asatryan of partnering with North Korean firms to bring dozens of workers into Russia under false pretenses.

In two separate contracts, Asatryan allegedly enabled up to 80 North Korean nationals to pose as American remote workers through deals with Korea Songkwang Trading General Corporation and Korea Saenal Trading Corporation, both of which were also sanctioned.

The sanctions come just one week after the Department of Justice unsealed criminal indictments against several North Koreans and at least two US citizens linked to the same scheme.

US intelligence agencies estimate that thousands of skilled North Korean IT workers are based across China, Russia, and Southeast Asia, infiltrating global tech firms under false identities and funneling high salaries back to support Pyongyang’s weapons programs.
