Amazon has blocked hundreds of job applications from suspected North Korean operatives, according to the company’s Chief Security Officer, Stephen Schmidt. In a recent LinkedIn post, Schmidt outlined the company’s growing concerns regarding cyber scams linked to Pyongyang. He stated that the primary aim of these operatives is straightforward: to gain employment, receive wages, and ultimately funnel funds back to support the regime’s weapons programs.
Since April 2024, Amazon has prevented over 1,800 suspected DPRK operatives from securing remote IT positions, indicating a significant increase in attempts to infiltrate the company. Schmidt noted that the number of applications affiliated with North Korea has surged by 27% quarter over quarter this year. The fraudulent applications were identified through Amazon’s AI-powered screening system, supplemented by manual verification efforts from its security staff.
Concealed Operations and Innovative Tactics
Schmidt explained that many of these operatives utilize “laptop farms”—computers physically located in the U.S. but remotely controlled from outside the country—to mask their true identities. In June, the Department of Justice revealed it had uncovered 29 illegal laptop farms across the United States, which were being used by North Korean IT workers. These operations involved U.S.-based individuals who created fraudulent companies, allowing North Korean agents access to laptops provided by American companies.
Assistant Attorney General John A. Eisenberg of the DOJ’s National Security Division emphasized the threat posed by such schemes, stating that they target U.S. companies while evading sanctions to fund North Korea’s illicit activities, including its weapons programs. In a notable case, an Arizona woman received a prison sentence of more than eight years for operating a laptop farm that enabled North Korean IT workers to obtain jobs at over 300 U.S. companies. The scheme reportedly generated more than $17 million in illicit revenue.
Rising Threats and International Cooperation
In his post, Schmidt warned that various strategies employed by fraudulent applicants are likely operating at scale across the industry. He highlighted the increasing sophistication of identity theft and deception tactics, including impersonating legitimate software engineers and hijacking LinkedIn profiles of active professionals. “We’ve also identified networks where individuals exchange access to their accounts for payment,” he noted.
Schmidt urged employers to be vigilant for signs of fraud, such as inconsistently formatted phone numbers and discrepancies in educational backgrounds. In response to the escalating threat, the U.S., Japan, and South Korea convened a joint forum in Tokyo in August 2024 to enhance collaboration against North Korean operatives posing as IT workers. The three nations released a statement affirming that hiring or outsourcing work to North Korean IT personnel poses serious risks, including the theft of intellectual property, data breaches, financial losses, and potential legal ramifications.
As one of the world’s largest employers, Amazon’s extensive experience with cyber threats places it in a unique position to understand the evolving landscape of these operations, according to Schmidt. The company believes it has a responsibility to share insights gained from its experiences to help mitigate these growing threats.
