In a powerful move to defend national security, the U.S. Department of the Treasury has imposed tough sanctions on individuals and companies linked to North Korea’s secret global IT worker scheme.
Sanctions Strike Hidden Cyber Scheme
Announced on July 10, 2025, the action targets Song Kum Hyok, a cyber operator from North Korea, and Gayk Asatryan, a Russian national, along with four companies tied to the operation.
Song Kum Hyok is connected to the notorious North Korean hacking group Andariel. He was responsible for managing a network where IT workers, mostly North Korean citizens living in countries like China and Russia, used fake identities to get remote jobs with U.S. companies. These fake profiles were created using stolen personal details, such as real Americans’ names, Social Security numbers, and home addresses.
The earnings from these jobs were secretly funneled back to North Korea to support illegal weapons and missile programs, which are banned under international law. U.S. officials said these fake workers also posed major security risks, as some had access to sensitive systems and planted harmful software.
21 Fake Websites, 29 Accounts, and 137 Laptops: FBI Hits North Korean Plot
A Network of Deception Exposed
Between 2022 and 2023, Song Kum Hyok helped carry out a complex operation where North Korean IT workers pretended to be Americans and applied for remote jobs. These workers gained access to the U.S. tech industry, often working as freelancers, developers, or engineers.
The U.S. Treasury used Executive Order 13694 to designate Song Kum Hyok for his role in cyber-enabled crimes. His actions involved the misuse of financial and personal information and were seen as a direct threat to U.S. safety and stability. As a result, all of his property and assets under U.S. control are now blocked.
The same sanctions also targeted Korea Songkwang Trading General Corporation and Korea Saenal Trading Corporation, two North Korean companies involved in moving funds and managing the fake worker network.
North Korea’s Fake Job Blitz Infects Crypto World — 80+ Wallets at Risk in PylangGhost Attack!
To hide the origin of the money, the workers used virtual currency platforms, making it hard for law enforcement to track the funds. These steps were meant to bypass U.S. and international sanctions and secretly fund North Korea’s military development.
No person or company in the U.S. is now allowed to do business with the named individuals or entities without special permission. Violating this rule could lead to serious legal penalties, including large fines or even jail time.
Russian Support Under the Spotlight
In a related move, the U.S. Treasury sanctioned Gayk Asatryan, a businessman based in Russia, for helping North Korea expand this global worker scheme. Asatryan helped bring up to 80 North Korean IT workers into Russia through contracts signed in 2024. These workers then took on remote jobs to earn money, which was eventually sent back to North Korea.
Two of Asatryan’s companies, Asatryan Limited Liability Company (Asatryan LLC) and Fortuna Limited Liability Company (Fortuna LLC), were also named in the sanctions. These businesses provided cover and support for the workers, making it easier for them to blend in and avoid detection.
The U.S. government says this is part of a wider effort by North Korea to use skilled tech workers to illegally generate income. These workers often apply for jobs in wealthier countries like the U.S., Canada, and parts of Europe, using falsified documents and proxy accounts.
All named individuals and companies are now cut off from the U.S. financial system. Banks, platforms, and employers must take extra caution to avoid accidental involvement, or they could face civil or criminal consequences.
This latest enforcement is part of a growing list of actions taken to stop North Korea’s cyber-financial operations, which have also included previous sanctions against hacking groups like Lazarus Group and Andariel.