**US Sanctions North Korea Hackers in IT Jobs Scheme**

The U.S. Treasury on July 8 imposed sanctions on Song Kum Hyok and four entities based in Russia, exposing a covert cyber campaign that has helped fund North Korea’s weapons development. The move, part of a broader U.S. push to sanction North Korean hackers, highlights the use of remote IT workers embedded in legitimate projects to infiltrate global software supply chains.

Investigators linked the operation to Andariel, a sub-unit of the Reconnaissance General Bureau. By gaining access to corporate repositories and CI/CD pipelines, North Korean developers injected a tainted JavaScript dependency that delivered a memory-resident PowerShell loader. The malware contacted a spoofed domain, *.china-cdn[.]org, and evaded detection with variable beacon intervals.

After March 2025, every GitHub Actions build included the malicious code. Victims included fintech, healthcare, and industrial IoT firms. As the U.S. sanctions North Korean hackers, analysts warn that remote contractor workflows remain a potent channel for cyber-espionage.
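
A defender's check for the indicator and beaconing behaviour described above, as an added example that is not part of the original article: it matches DNS queries against the `*.china-cdn[.]org` pattern on a label boundary and measures how irregular the gaps between hits are, which shows why a fixed-interval beacon rule misses this traffic while the domain match does not. The log format, host names, subdomain labels and the 0.1 threshold are assumptions constructed for the illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Indicator quoted in the article, kept defanged in source and refanged at runtime.
IOC_SUFFIX = "china-cdn[.]org".replace("[.]", ".")

# Constructed sample DNS log: "<timestamp> <client> <queried name>".
# Host names, subdomain labels and times are invented for illustration.
SAMPLE_LOG = """\
2025-04-02T10:00:00 build-runner-1 registry.npmjs.org
2025-04-02T10:00:07 build-runner-1 static.china-cdn.org
2025-04-02T10:03:19 build-runner-1 img.china-cdn.org
2025-04-02T10:05:00 dev-laptop-3 notchina-cdn.org
2025-04-02T10:11:02 build-runner-1 static.china-cdn.org
2025-04-02T10:12:40 build-runner-1 IMG.China-CDN.org.
2025-04-02T10:20:00 dev-laptop-3 china-cdn.org.example.com
2025-04-02T10:25:01 build-runner-1 static.china-cdn.org
"""

def matches_ioc(qname, suffix=IOC_SUFFIX):
    """Match the apex or any subdomain on a label boundary, not look-alikes."""
    name = qname.rstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)

def parse(log):
    """Yield (time, client, qname) for well-formed lines; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def analyse(log, periodic_cv=0.1):
    """Per client: IOC query count, gaps in seconds, jitter (coefficient of variation)."""
    hits = defaultdict(list)
    for ts, client, qname in parse(log):
        if matches_ioc(qname):
            hits[client].append(ts)
    report = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps) if gaps else 0
        cv = statistics.pstdev(gaps) / mean if len(gaps) >= 2 and mean > 0 else None
        # A fixed-interval beacon detector keys on low cv; jittered traffic fails it.
        report[client] = {"queries": len(times), "gaps": gaps, "cv": cv,
                          "looks_periodic": cv is not None and cv < periodic_cv}
    return report

if __name__ == "__main__":
    for client, row in analyse(SAMPLE_LOG).items():
        print(client, row)
```
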

Read the full official article: US Sanction Key Threat Actors Linked With North Korea’s Remote IT Worker Scheme
