Amazon has thwarted more than 1,800 job applications linked to suspected North Korean agents since April 2024. According to the company’s chief security officer, Stephen Schmidt, these operatives aim to secure positions that allow them to funnel wages back to the regime in Pyongyang to support its weapons programs.
In a LinkedIn post on Friday, Schmidt detailed how applicants often utilize fake or stolen identities to pursue remote IT roles within the United States and globally. He noted a troubling increase in such applications, reporting a 27% rise in quarter-over-quarter submissions linked to the Democratic People’s Republic of Korea.
The fraudulent activity has been identified through Amazon’s advanced AI-driven application screening combined with manual checks by staff. Schmidt explained that many of these operatives operate from “laptop farms,” which are computers situated in the U.S. but controlled remotely from abroad. In June, the U.S. Department of Justice uncovered 29 illegal laptop farms across the country being used by North Korean IT workers.
These operations involved individuals based in the U.S. who established fraudulent companies, granting North Korean agents access to U.S. company-provided laptops. John A. Eisenberg, Assistant Attorney General of the Department’s National Security Division, emphasized that these schemes are designed to evade sanctions while funding the North Korean regime’s illicit activities, including weapons development.
In a notable case, a woman from Arizona received a sentence of over eight years in prison for managing a laptop farm that facilitated remote employment for North Korean IT workers at more than 300 U.S. companies. This operation reportedly generated over $17 million in illicit revenue.
Schmidt’s post also highlighted the increasing sophistication of these fraudulent tactics, including the impersonation of legitimate software engineers through hijacked LinkedIn profiles. “We’ve also identified networks where individuals exchange access to their accounts for payment,” he stated, advising employers to remain vigilant against common signs of fraud, such as poorly formatted phone numbers and inconsistent educational backgrounds.
In response to the escalating threat posed by North Korean operatives masquerading as IT workers, the U.S., Japan, and South Korea convened a joint forum in Tokyo in August 2024. The countries expressed concerns that hiring or outsourcing work to North Korean IT personnel could lead to severe risks, including theft of intellectual property and potential legal ramifications.
As one of the largest employers worldwide, Amazon’s experiences with cyber threats provide valuable insights into the evolving nature of these operations. Schmidt emphasized the company’s responsibility to share its findings as it continues to combat the growing prevalence of fraud in the industry.
