By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
Computing

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

News Room
Last updated: 2025/07/09 at 8:36 AM
News Room Published 9 July 2025
Share
SHARE

Jul 09, 2025Ravie LakshmananMalware / Cyber Crime

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.

The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using foreign-hired IT workers to seek remote employment with U.S. companies and planning to split income with them.

Between 2022 and 2023, Song is alleged to have used the identities of U.S. people, including their names, addresses, and Social Security numbers, to craft aliases for the hired workers, who then used these personas to pose as U.S. nationals looking for remote jobs in the country.

The development comes days after the U.S. Department of Justice (DoJ) announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers.

Cybersecurity

Sanctions have also been levied against a Russian national and four entities involved in a Russia-based IT worker scheme that contracted and hosted North Koreans to pull off the malicious operation. This includes –

  • Gayk Asatryan, who used his Russia-based companies Asatryan LLC and Fortuna LLC to employ North Korean IT workers
  • Korea Songkwang Trading General Corporation, which signed a deal with Asatryan to dispatch up to 30 IT workers to work in Russia for Asatryan LLC
  • Korea Saenal Trading Corporation, which signed a deal with Asatryan to dispatch up to 50 IT workers to work in Russia for Fortuna LLC

The sanctions mark the first time a threat actor linked to Andariel, a sub-cluster within the Lazarus Group, has been tied to the IT worker scheme, which has become a crucial illicit revenue stream for the sanctions-hit nation. The Lazarus Group is assessed to be affiliated with the Democratic People’s Republic of Korea (DPRK) Reconnaissance General Bureau (RGB).

The action “underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs,” said Deputy Secretary of the Treasury Michael Faulkender.

“Treasury remains committed to using all available tools to disrupt the Kim [Jong Un] regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber attacks”

The IT worker scheme, also tracked as Nickel Tapestry, Wagemole, and UNC5267, involves North Korean actors using a mix of stolen and fictitious identities to gain employment with U.S. companies as remote IT workers with the goal of drawing a regular salary that’s then funneled back to the regime through intricate cryptocurrency transactions.

Data compiled by TRM Labs shows that North Korea is behind approximately $1.6 billion out of the total $2.1 billion stolen as a result of 75 cryptocurrency hacks and exploits in the first half of 2025 alone — mainly driven by the blockbuster heist of Bybit earlier this year.

A majority of steps taken to counter the threat has ostensibly come from U.S. authorities, but Michael “Barni” Barnhart, Principal i3 Insider Risk Investigator at DTEX, told The Hacker News that other countries are also stepping up and taking similar actions and driving awareness to a broader audience.

“This is a complex, transnational issue with many moving parts, so international collaboration and open communication are extremely useful,” Barnhart said.

“For an example of some of the complexities with this issue, a North Korean IT worker may be physically located in China, employed by a front company posing as a Singapore-based firm, contracted to a European vendor delivering services to clients in the United States. That level of operational layering highlights just how important joint investigations and intelligence sharing are in effectively countering this activity.”

Cybersecurity

“The good news is that awareness has grown significantly in recent years, and we’re now seeing the fruits of that labor. These initial awareness steps are part of a broader global shift toward recognizing and actively disrupting these threats.”

News of the sanctions dovetail with reports that the North Korea-aligned group tracked as Kimsuky (aka APT-C-55) is using a backdoor called HappyDoor in attacks targeting South Korean entities. HappyDoor, according to AhnLab, has been put to use as far back as 2021.

Typically distributed via spear-phishing email attacks, the malware has witnessed steady improvements over the years, allowing it to harvest sensitive information; execute commands, PowerShell code, and batch scripts; and upload files of interest.

“Mainly taking on the disguise of a professor or an academic institution, the threat actor has been using social engineering techniques like spear-phishing to distribute emails with attachments that, once run, install a backdoor and may also install additional malware,” AhnLab noted.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article IKEA Goes All-In on Matter for Apple HomeKit Compatibility
Next Article We Test Gear & Track Prices All Year—We Found 191 Actually Good Prime Day Deals
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

AI and learning retention: Does ChatGPT help or hurt?
Computing
Meet Session App, Winner of Startups of The Year 2024 in Zug, Switzerland | HackerNoon
Computing
Faster, more comfortable Apple Vision Pro rumored to arrive in 2025 | AppleInsider
News
These are the iPhone 17 Air colors, according to a new leak
News

You Might also Like

AI and learning retention: Does ChatGPT help or hurt?

6 Min Read
Computing

Meet Session App, Winner of Startups of The Year 2024 in Zug, Switzerland | HackerNoon

9 Min Read
Computing

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

6 Min Read
Computing

Microsoft enforces iPhones for Chinese employees due to Android’s Google service limitations · TechNode

1 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?