The United States has announced sanctions against Song Kum Hyok, a North Korean cyber actor linked to the hacking group Andariel. According to Tammy Bruce, Department Spokesperson, Song was involved in "malicious cyber-enabled activities," including an illicit information technology worker scheme and an attempted hack of the U.S. Department of the Treasury.
In addition to Song, sanctions are being imposed on Russia-based facilitator Gayk Asatryan and four entities—two Russian and two North Korean—that have been deploying IT workers internationally to generate revenue for the North Korean government. These workers reportedly conceal their identities through identity theft of U.S. persons to fraudulently secure employment at foreign firms. The revenue from these operations is used by North Korea to support its weapons of mass destruction and ballistic missile programs.
The actions taken today are part of broader efforts by the U.S. government to combat North Korean cyber espionage and revenue generation activities. "We will continue to take action against malicious cyber actors who attempt to undermine U.S. national security or the U.S. financial sector," stated Bruce.
Additionally, the U.S. Department of State’s Rewards for Justice program is offering up to $10 million for information leading to those engaging in malicious cyber activities against U.S. critical infrastructure under foreign direction, as well as up to $5 million for disrupting financial mechanisms supporting North Korea's revenue generation through exported labor.
These measures were enacted under Executive Orders 13694, 13722, and 13810. Further details can be found in related press releases from the Treasury Department, State Department’s RFJ website, Department of Justice, and Cybersecurity and Infrastructure Security Agency advisory.