North Korea’s IT Worker Scam: U.S. Treasury Sanctions Cyber Espionage Mastermind
The U.S. Treasury has sanctioned cyber actor Song Kum Hyok for hacking antics with North Korea’s Andariel group, a sub-cluster of the Lazarus group. Song’s side gig included providing fake identities to foreign IT workers, who split their U.S. earnings with him, fueling North Korea’s missile dreams.

Hot Take:
It seems North Korea’s guiding career advice for hackers is: “Fake it till you make it… and fund our weapons program!” The U.S. Treasury apparently disagrees with this unconventional résumé-building strategy and has decided to give Mr. Song Kum Hyok an unforgettable ‘career setback’ with a side of sanctions.
Key Points:
- Song Kum Hyok, a member of North Korea’s hacking group Andariel, was sanctioned by the U.S. Treasury for his role in IT worker schemes.
- Andariel, linked to the Lazarus group, is known for financially motivated cyber activities such as ransomware and cryptocurrency theft.
- Song provided fake U.S. identities to foreign IT workers, sending their earnings back to North Korea to fund its weaponry programs.
- The U.S. Treasury sanctioned several associated entities, freezing assets and banning transactions with them.
- Recent U.S. actions included raids on 29 “laptop farms,” resulting in arrests, indictments, and multiple seizures.