US Treasury Department sanctions individuals and entities over illegal IT worker scheme

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) Tuesday imposed sanctions on two individuals and four companies involved in schemes to provide US companies with illegal remote IT workers whose income would, it said, generate revenue for the Democratic People’s Republic of Korea (DPRK) regime.

Song Kum Hyok, described as a “malicious cyber actor” associated with the already sanctioned DPRK Reconnaissance General Bureau hacking group Andariel, was sanctioned for facilitating the scheme. OFAC said that in 2022 and 2023, Song created aliases for foreign workers using the names, Social Security numbers, and addresses of US individuals, which the workers then used to pose as US applicants looking for remote jobs.  

In addition, Russian national Gayk Asatryan, who OFAC said has used his Russia-based companies to employ DPRK IT workers, was sanctioned for “having attempted to engage in, facilitate, or be responsible for the exportation of workers from North Korea, including exportation to generate revenue for the Government of North Korea or Workers’ Party of Korea,” OFAC’s announcement said.

OFAC noted that in 2024 Asatryan signed a 10-year contract with DPRK’s Korea Songkwang Trading General Corp. to hire up to 30 DPRK IT workers to work in Russia for his company, Asatryan Limited Liability Co. He also signed a contract with Korea Saenal Trading Corp., another DPRK company, to hire 50 DPRK IT workers for his company, Fortuna Limited Liability Co.

OFAC said that Asatryan’s two companies were sanctioned “for being owned or controlled by or acting or purporting to act for or on behalf of, directly or indirectly, Asatryan, a person whose property and interests in property are blocked.” Songkwang Trading and Saenal Trading were also designated “for being North Korean persons, including North Korean persons that have engaged in commercial activity that generates revenue for the Government of North Korea or Workers’ Party of Korea.”

“These sanctions against the DPRK-Russian fake IT worker pipeline are a significant step toward closing a long-standing gap in remote-work security,” said Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group. “By adding these key brokers to the SDN [US Specially Designated Nationals and Blocked Persons] list, the government has instantly frozen any payments that might flow through Russian front companies or crypto rails to North Korean developers, thereby cutting off a revenue stream that Pyongyang has relied on. They also raise the bar for corporate due diligence, as the IT worker scheme worked primarily because many organizations hired remote contractors on little more than a resume and a US PayPal address.”

Ongoing crackdown with caveats for hiring companies

These actions are the latest efforts in the US government’s battle to stop DPRK’s illegal activities. Last month, the Justice Department’s major sweep across 16 states seized laptops, financial accounts, and websites associated with the illegal remote IT worker scheme, and the FBI and Defense Criminal Investigative Service (DCIS) also took action.

The latest sanctions mean that any property in the US, or possessed or controlled by US persons, in which the sanctioned individuals hold an interest is blocked and must be reported to OFAC. Unless authorized, “OFAC’s regulations generally prohibit all transactions by US persons or within (or transiting) the United States that involve any property or interests in property of blocked persons,” OFAC said in the announcement. The regulations also forbid “any contribution or provision of funds, goods, or services” either directed to the blocked persons or received from them.

“These sanctions draw clear liability boundaries and nudge organizations towards stronger vetting without broad new regulations,” Jean-Louis noted. “A key risk to consider: If a US company unknowingly hires or pays a newly sanctioned contractor, the consequences can escalate quickly. OFAC violations are a strict liability, which means that intent does not matter, and civil fines can run up to significant amounts. Organizations can also face criminal penalties and loss of export privileges. Since OFAC is a US law with extraterritorial application, foreign organizations may do well to also consider potential exposure. An improper hire can turn into an expensive legal crisis overnight.”
