The U.S. Treasury has sanctioned two individuals and four companies, for their involvement in a scheme run by North Korea. According to officials, the goal of the scheme was to sneak North Korean IT workers into crypto companies so they could take advantage of them.
One of the people, Song Kum Hyok, who is based in North Korea, was accused of stealing personal information from Americans and giving it to foreign IT workers so they could pretend to be someone else and apply for jobs in U.S. companies.
The other person, a Russian man named Gayk Asatryan, was accused of using his businesses to hire many North Korean IT workers. He reportedly signed deals with North Korean trading companies in 2024 to make these hires possible.
The sanctions mean that any money or property in the U.S. connected to Asatryan, Song, or the four Russian companies is now blocked. People in the U.S. are also not allowed to do business with them or send them money. If they do, they could face serious legal trouble, including fines or even jail time.
This kind of operation is actually one of North Korea’s favorite tricks. Instead of hacking from the outside, they send skilled IT workers to quietly get jobs, often remotely, at tech and crypto companies around the world. These workers pretend to be regular employees, but behind the scenes, they’re passing information and money back to the North Korean government. It’s a sneaky, under-the-radar way to earn cash and gain access to valuable systems without raising red flags right away.
Fake Tech Workers, Real Threat
More and more fake tech workers linked to North Korea are being caught trying to sneak into companies around the world. A report from Google in April said these schemes are growing fast and are now operating in many different countries.
“Treasury remains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks,”.
U.S. Treasury Deputy Secretary Michael Faulkender.
According to the U.S. Treasury, North Korea is using thousands of highly trained IT workers to make money for its missile programs. Most of these workers are based in China and Russia, and they target jobs in wealthier countries to bring in cash for the government.
How DPRK Is Changing Tactics?
North Korea has been known for carrying out big hacking attacks, especially through groups like Lazarus. In fact, they were behind some of the biggest crypto hacks ever, including the $1.5 billion Bybit hack in February.
But according to blockchain intelligence company TRM Labs, North Korea is starting to change its methods.
They said that while breaking into crypto exchanges is still a problem, North Korean cyber operations are now focusing more on tricking people, using fake identities and job scams, rather than just hacking systems directly.
TRM Labs says that hackers linked to North Korea are behind most of the crypto thefts so far this year. Out of the $2.1 billion stolen in 75 different hacks and scams during the first half of 2025, about $1.6 billion of that was taken by groups connected to North Korea.
On June 30, four North Korean citizens were officially charged with wire fraud and money laundering. They had pretended to be remote workers and got jobs at blockchain companies in the U.S. and Serbia.
Earlier that month, on June 5, the U.S. Department of Justice said it was working to take back $7.74 million in frozen cryptocurrency. That money was allegedly earned by North Korean IT workers who used fake names to get remote jobs at blockchain firms.
