Amazon has blocked more than 1,800 job applications tied to suspected North Korean operatives who attempted to secure remote IT roles using stolen or fabricated identities, according to a senior security executive at the company.
Remote Hiring Targeted By Suspected Operatives
Amazon chief security officer Stephen Schmidt said in a LinkedIn post that the applicants were seeking remote technology jobs with the goal of earning wages that could be sent back to support North Korea’s weapons programs.
Schmidt said Amazon has seen a nearly one-third increase in job applications linked to suspected North Korean actors over the past year. He added that the pattern is likely occurring across much of the U.S. technology sector, not just at Amazon.
Use Of Stolen Identities And Laptop Farms
According to Schmidt, the applicants often rely on stolen or fake identities and work in coordination with so-called “laptop farms.” These setups involve computers physically located in the United States but accessed remotely from outside the country, allowing foreign workers to appear as U.S.-based employees.
Schmidt said the operatives frequently hijack dormant LinkedIn accounts using leaked login credentials, sometimes targeting real software engineers to gain credibility during the hiring process.
Screening Methods And Warning Signs
Amazon uses a combination of artificial intelligence tools and manual review by its staff to screen job applications, Schmidt said. He warned that the methods used by these actors have become increasingly sophisticated.
He advised employers to watch for red flags such as incorrectly formatted phone numbers, inconsistencies in education histories, and other mismatches in application details. Schmidt also urged companies to report suspicious applications to authorities.
Government Investigations And Criminal Cases
U.S. authorities have previously warned about North Korean nationals attempting to obtain remote work through fraud. In June, the US Department of Justice said it uncovered 29 illegal laptop farms operating across the United States.
According to the DOJ, these operations used stolen or forged identities of U.S. citizens to help North Korean IT workers secure jobs at American companies. The department also indicted U.S.-based brokers who assisted in placing the workers.
In July, the DOJ said a woman from Arizona was sentenced to more than eight years in prison for running a laptop farm that helped North Korean IT workers obtain remote jobs at more than 300 U.S. companies. The scheme generated more than 17 million dollars in illicit proceeds for her and the North Korean government, the department said.
Broader Industry Concern
U.S. and South Korean authorities have repeatedly warned that North Korea uses online fraud and remote employment schemes to raise funds. Schmidt said the scale of the activity suggests the issue extends beyond any single company and affects the broader technology industry.
Featured image credits: Roboflow Universe
For more stories like it, click the +Follow button at the top of this page to follow us.