US Treasury Sanctions North Korean IT Worker Network Behind Crypto Company Infiltration Scheme

The US Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against two individuals and four entities connected to a sophisticated North Korean IT worker scheme targeting cryptocurrency companies. The operation, which involved infiltrating American businesses through fraudulent employment, represents a significant escalation in North Korea's efforts to circumvent international sanctions and generate revenue for its ballistic missile programs.

Among those sanctioned is North Korea-based Song Kum Hyok, who allegedly stole US citizens' personal information to create false identities for foreign IT workers seeking employment at American companies. Russian national Gayk Asatryan was also sanctioned for using his companies to employ dozens of North Korean IT workers under long-term agreements with North Korean trading firms beginning in 2024. The sanctions freeze all US assets connected to the individuals and entities while prohibiting Americans from conducting business with them.

According to OFAC, North Korea has deployed thousands of highly skilled IT workers worldwide, primarily in China and Russia, to target employers in wealthier countries. This workforce uses mainstream and industry-specific networking platforms to secure positions that allow them to funnel money back to support the regime's weapons programs. The sanctions are part of broader US efforts to combat crypto-enabled sanctions evasion, including recent action against platforms facilitating money laundering. Treasury Deputy Secretary Michael Faulkender emphasized the department's commitment to disrupting these schemes through digital asset theft prevention and sanctions enforcement.

The sanctions come as North Korea appears to be shifting tactics from high-profile cryptocurrency exchange hacks to more deceptive revenue generation methods. While the notorious Lazarus Group and similar teams have been responsible for major crypto thefts, including an estimated $1.6 billion of the $2.1 billion stolen in crypto hacks during the first half of 2025, blockchain intelligence firm TRM Labs notes an increasing focus on IT worker infiltration schemes as a primary revenue source for the isolated regime.