GLR
A senior executive at Amazon has revealed that the US technology giant has blocked more than 1,800 job applications linked to suspected North Korean operatives attempting to infiltrate the company’s workforce.
According to Amazon’s Chief Security Officer, Stephen Schmidt, individuals believed to be acting on behalf of North Korea have been applying for remote IT positions using stolen or fabricated identities. Schmidt disclosed the findings in a LinkedIn post, warning that the activity represents a growing and organised threat across the technology sector.
“Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs,” Schmidt said, adding that the scale of such activity is likely far greater than what has been publicly identified so far, particularly within the United States.
US and South Korean authorities have previously cautioned companies about North Korean agents conducting sophisticated online fraud operations to generate revenue for Pyongyang. Schmidt noted that Amazon has recorded nearly a one-third increase in suspected North Korean-linked job applications over the past year alone.
He explained that many of these operatives work in coordination with so-called “laptop farms” — networks of computers physically located in the US but remotely controlled by individuals operating from overseas. These setups allow North Korean IT workers to appear as though they are based domestically, helping them bypass employment restrictions and sanctions.
Amazon, Schmidt said, relies on a combination of artificial intelligence-driven screening tools and manual verification processes conducted by trained staff to identify and block fraudulent applications before hiring decisions are made.
However, he cautioned that the tactics used by these bad actors have grown increasingly advanced. Fraudsters are now hijacking dormant LinkedIn accounts using leaked login credentials to gain platform verification and credibility. In many cases, they impersonate legitimate software engineers to strengthen their applications and avoid detection.
Schmidt urged companies to remain vigilant and to report suspicious job applications to law enforcement agencies. He advised employers to watch for red flags commonly associated with North Korean-linked applications, such as incorrectly formatted phone numbers, inconsistencies in education or employment histories, and irregular identity documentation.
In June, the US government announced that it had dismantled 29 illegal laptop farms operating across the country on behalf of North Korean IT workers. According to the Department of Justice (DOJ), the operations relied on stolen or forged identities of American citizens to help North Korean nationals secure remote employment at US-based firms.
Federal prosecutors also charged several US-based brokers accused of facilitating the placement of North Korean operatives into technology roles.
In a related case, a woman from Arizona was sentenced in July to more than eight years in prison after being convicted of running a large-scale laptop farm operation. Prosecutors said she helped North Korean IT workers obtain remote jobs at more than 300 US companies.
The DOJ stated that the scheme generated more than $17m (£12.6m) in illegal profits, benefitting both the defendant and the North Korean government.
About the Author
