Ask Onix
Amazon blocks North Korean-linked job applications
Amazon has intercepted over 1,800 remote job applications suspected to originate from North Korean operatives attempting to infiltrate the company, its chief security officer revealed on Tuesday.
Motives and methods
Stephen Schmidt, Amazon's security chief, stated in a LinkedIn post that the applicants used stolen or fabricated identities to secure IT positions. Their primary goal, he explained, was to secure employment, receive salaries, and channel funds back to Pyongyang to support the regime's weapons programs.
Schmidt warned that this trend is not isolated to Amazon but is occurring industry-wide, particularly in the U.S.
Rising threats and sophisticated tactics
Amazon has observed a nearly 30% increase in such applications over the past year. Schmidt described how operatives often collaborate with individuals running "laptop farms"-computers located in the U.S. but controlled remotely from abroad.
The company employs a mix of artificial intelligence tools and human verification to screen applications, as fraudsters continually refine their strategies. Schmidt noted that bad actors now hijack dormant LinkedIn accounts using leaked credentials and impersonate legitimate software engineers to appear credible.
Red flags and industry warnings
Schmidt urged employers to remain vigilant for signs of fraudulent applications, such as incorrectly formatted phone numbers and discrepancies in education histories. He also encouraged companies to report suspicious activity to authorities.
"Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime's weapons programs."
Stephen Schmidt, Amazon Chief Security Officer
Government crackdowns and legal actions
In June, U.S. authorities disclosed the dismantling of 29 laptop farms operating illegally across the country. These farms used stolen or forged American identities to help North Korean nationals secure remote jobs, according to the Department of Justice (DOJ). The DOJ also indicted U.S.-based brokers who facilitated these schemes.
In July, an Arizona woman received an eight-year prison sentence for running a laptop farm that enabled North Korean IT workers to obtain remote positions at over 300 U.S. companies. The DOJ reported that the operation generated more than $17 million in illicit profits for her and the North Korean regime.
Broader implications
Both U.S. and South Korean authorities have repeatedly warned about Pyongyang's operatives engaging in online scams, highlighting the growing threat of state-sponsored cyber fraud in the global job market.
