Seattle – Amazon has revealed it blocked over 1,800 job applications suspected of being linked to North Korean intelligence operatives in the past year, as the nation’s cyber operatives increasingly target multinational corporations to fund weapons programs. The applicants allegedly sought remote positions in information technology, utilizing compromised or falsified credentials, according to Stephen Schmidt, Amazon’s Chief Security Officer. The revelation comes amid heightened U.S. and South Korean warnings about the growing sophistication of North Korean cyber fraud and a recent Justice Department crackdown on “laptop farms” facilitating the scheme.
Amazon has thwarted an effort by North Korean intelligence operatives to infiltrate the company through job applications, intercepting over 1,800 suspicious applications in the last year. The applicants reportedly sought remote positions in information technology, often using stolen or fabricated credentials.
Stephen Schmidt, Amazon’s Chief Security Officer, revealed the findings in a social media post, stating the goal of these applications was to secure employment, collect wages, and funnel funds back to the North Korean regime to support its weapons programs. He indicated this activity is likely widespread across the industry, particularly within the United States. Amazon’s experience highlights the growing cybersecurity risks facing multinational corporations.
Application Volume Up Nearly One-Third Year-Over-Year
According to Schmidt, Amazon saw a nearly 33% increase in job applications originating from individuals linked to North Korea over the past year. These operatives frequently collaborate with individuals running “laptop farms”—networks of computers located in the U.S. and remotely controlled by operators based abroad.
Amazon stated it utilizes artificial intelligence tools, combined with employee review processes, to screen applications and has successfully blocked a significant number of suspicious cases. Schmidt also noted that these fraudulent tactics are becoming increasingly sophisticated, with actors exploiting data breaches to hijack inactive LinkedIn accounts and leverage platform verification to appear as legitimate software engineers.
Intermediaries Facilitate Successful Hiring of North Korean Operatives
Schmidt urged other companies to report suspicious applications to authorities and be vigilant for potential red flags, including incorrectly formatted phone numbers and inconsistencies in educational backgrounds.
U.S. and South Korean authorities have previously issued warnings regarding online fraud activities conducted by North Korean intelligence operatives. In June, the U.S. government announced it had uncovered 29 illegally operated “laptop farms” assisting North Korean IT workers in obtaining employment at U.S. companies using stolen or fabricated identities.
The Department of Justice stated that several U.S. intermediaries were involved in facilitating the hiring of North Korean operatives, and charges have been filed in connection with these cases. In July, a woman from Arizona was sentenced to over eight years in prison for operating a “laptop farm” that helped North Korean IT workers secure remote jobs at more than 300 U.S. companies. The Department of Justice estimates the scheme generated over $1.7 million (approximately $133 million HKD) in illicit proceeds for the woman and the Pyongyang regime.
