A senior Amazon executive has disclosed alarming information regarding a significant infiltration attempt by suspected North Korean agents into the company’s job application process. Stephen Schmidt, Amazon’s chief security officer, announced that the tech giant has blocked over 1,800 job applications that were linked to these suspected operatives. The attempted applications were primarily for remote IT positions, which were submitted using either stolen or fabricated identities.
In a detailed post on LinkedIn, Schmidt explained that the motives behind these applications are quite clear: the suspected agents aim to secure employment, receive salaries, and subsequently divert their wages to support North Korea’s weapons development programs. He emphasized that this pattern is likely being replicated across the technology sector in the United States.
Over the past year, Amazon has experienced a nearly one-third surge in job applications from individuals believed to be North Korean nationals. According to Schmidt, these operatives often collaborate with individuals managing what he termed “laptop farms”—groups of computers located within the U.S. that are controlled remotely from North Korea.
To combat these infiltration attempts, Amazon has employed a sophisticated combination of artificial intelligence tools alongside thorough manual verification processes. Schmidt noted that the tactics employed by these fraudsters have grown increasingly advanced. Many of them hijack dormant LinkedIn accounts, using leaked credentials to gain a semblance of legitimacy, and deploy real software engineers to create a credible front.
He urged other companies to remain vigilant and report any suspicious job applications to the appropriate authorities. Employers should be particularly aware of certain red flags, such as incorrectly formatted phone numbers and discrepancies in educational backgrounds.
In an alarming update in June, U.S. authorities revealed the discovery of 29 illegal laptop farms operated by North Korean IT workers across the nation. These operations utilized fake or stolen American identities to help North Korean nationals find employment in the U.S. The Department of Justice (DOJ) has since indicted several U.S. brokers who had aided in these schemes.
In a related case, a woman from Arizona was sentenced to over eight years in prison for running a laptop farm that facilitated remote employment for over 300 North Korean IT workers in American companies. The DOJ reported that her illicit activities generated upwards of $17 million (£12.6 million) in profits for both her and the North Korean regime.
As the situation develops, it underscores the growing complexity of cybersecurity and employment integrity in the evolving digital landscape, particularly with regards to potential geopolitical threats.
