The US slapped sanctions on individuals and companies linked to a scheme that involves recruiting North Koreans to pose as American tech workers and help fund Kim Jong Un’s regime.
The Treasury Department’s Office of Foreign Assets Control imposed penalties on a “malicious cyber actor” named Song Kum Hyok, who’s accused of having ties with a hacking group linked to Pyongyang, as well as another individual and four companies based in Russia and North Korea.
Song allegedly facilitated an IT worker scheme where North Koreans and others working from China and Russia are given false American identities — often using information stolen from US citizens — to gain remote employment with US companies and generate revenues for North Korea.
The workers use “a variety of mainstream and industry-specific freelance contracting, payment, and social media and networking platforms,” the Treasury Department said in a statement. The department also said that in some cases, the IT workers introduced malware into company networks.
Thousands of North Korean workers have been posing as nationals from other countries to infiltrate companies in the US and around the world, according to the US government.
Last month, the Justice Department announced one arrest and charges against nine people connected to the scheme.
In a separate announcement, the State Department said it’s offering a reward of up to $5 million for information that would disrupt the financial means of people engaged in activities that support North Korea. It also offered $10 million for identifying and locating people involved in cyber attacks against critical US infrastructure.
Photo: Photographer: Samsul Said/Bloomberg
Copyright 2025 Bloomberg.
Was this article valuable?
Here are more articles you may enjoy.
Interested in Insurtech?
Get automatic alerts for this topic.
