The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Song Kum Hyok, (Song), a malicious cyber actor associated with the sanctioned Democratic People’s Republic of Korea (DPRK) Reconnaissance General Bureau (RGB) hacking group Andariel, according to a press release yesterday.
Song facilitated an information technology (IT) worker scheme in which individuals, often DPRK nationals working from countries such as China and Russia, were recruited and provided with falsified identities and nationalities to obtain employment at unwitting companies to generate revenue for the DPRK regime. In some cases, these DPRK IT workers have been known to introduce malware into company networks for additional exploitation. OFAC is also sanctioning one individual and four entities involved in a Russia-based IT worker scheme that has generated revenue for the DPRK.
“Today’s action underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs,” said Deputy Secretary of the Treasury Michael Faulkender. “Treasury remains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.”
Today’s designation is part of the U.S. government’s objective to counter the DPRK’s efforts to advance its strategic goals through cyber espionage and revenue generation. On March 2, 2016, the United Nations Security Council (UNSC) adopted Resolution 2270 designating the RGB for its role supporting the Kim regime’s unlawful weapons development. Today’s action reaffirms that relevant UNSC resolutions remain in full force. On September 13, 2019, OFAC designated the Lazarus Group, Bluenoroff, and Andariel: all DPRK-sponsored cyber groups subordinate to the RGB, which have carried out numerous high-value virtual currency heists to offset the impact of U.S. and multilateral sanctions. Additionally, on May 23, 2023, OFAC designated the Technical Reconnaissance Bureau, which leads the DPRK’s development of offensive cyber tactics and tools, and its subordinate cyber unit, the 110th Research Center.
The original announcement can be found here.
