Amazon has stopped more than 1,800 suspected North Korean operatives from joining its workforce, citing a surge in cyber scams linked to Pyongyang.
Amazon Blocks Hundreds of Job Applications
Stephen Schmidt, Amazon’s chief security officer, wrote on LinkedIn that the operatives’ goal is “to get hired, get paid, and funnel wages back to fund the regime’s weapons programs.” He added that applicants use fake or stolen identities to chase remote IT jobs worldwide.
Since April 2024, Amazon has blocked more than 1,800 suspected DPRK operatives and detected a 27% increase in DPRK-affiliated applications quarter over quarter. The fraud is caught by Amazon’s AI-powered application screening system combined with manual verification by staff.
The operatives often run “laptop farms” – computers based in the U.S. but operated remotely from abroad – to hide their true locations.
DOJ Actions and Legal Consequences
In June, the Department of Justice uncovered 29 illegal laptop farms across the U.S. These were run by U.S.-based individuals who created fraudulent companies and hosted the farms, giving North Korean agents remote access to company laptops.
Assistant Attorney General John A. Eisenberg said the schemes “target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.”
The following month, a woman from Arizona received a sentence of more than eight years in prison for operating a laptop farm that helped North Korean IT workers secure remote jobs at over 300 U.S. companies. The scheme generated more than $17 million in illicit revenue for her and Pyongyang.
Industry Response and Global Cooperation
Schmidt noted that other fraudulent strategies are operating at scale across the industry. Identity theft, elaborate LinkedIn tactics, impersonation of real software engineers, and hijacking of LinkedIn profiles are becoming more sophisticated. Networks also exist where people hand over account access for payment.
He warned that small details can expose fraudsters, such as incorrectly formatted phone numbers and inconsistent education histories.
In August, the U.S., Japan, and South Korea held a joint forum in Tokyo to improve collaboration against North Korean operatives posing as IT workers. The three countries issued a joint statement that hiring, supporting, or outsourcing North Korean IT workers “increasingly poses serious risks, ranging from theft of intellectual property, data, and funds to reputational harm and legal consequences.”
Amazon also announced a partnership with Grubhub, allowing Amazon Prime members to enjoy a free, one-year trial of Grubhub+.
Key Takeaways
- Amazon has blocked over 1,800 suspected DPRK operatives and detected a 27% quarterly rise in related applications.
- DOJ uncovered 29 illegal laptop farms and sentenced a key operator to more than eight years in prison, with the scheme yielding $17 million in illicit revenue.
- The U.S., Japan, and South Korea are coordinating to counter North Korean IT fraud, while Amazon warns of evolving tactics and signs of fraud.
Amazon’s experience underscores the growing threat of North Korean cyber scams and the need for vigilant hiring practices across the tech industry.
