American technology behemoth Amazon has revealed it prevented more than 1,800 job applications from suspected North Korean operatives, as concerns mount over state-sponsored schemes to illicitly fund Pyongyang's nuclear ambitions through remote work.
Sophisticated Recruitment Fraud Uncovered
In a detailed post on LinkedIn, Amazon's chief security officer, Stephen Schmidt, stated that individuals linked to the Democratic People's Republic of Korea (DPRK) have been aggressively "attempting to secure remote IT jobs with companies worldwide, particularly in the US". He warned this is an industry-wide issue, not one confined to Amazon.
Schmidt disclosed that his company has seen a 27 per cent increase in DPRK-affiliated applications quarter-over-quarter this year. "Their objective is typically straightforward: get hired, get paid and funnel wages back to fund the regime’s weapons programs," he explained. Since April 2024, Amazon has stopped over 1,800 such suspected operatives from joining the company.
Fake Identities and 'Laptop Farms'
The methods used are sophisticated. Schmidt alleged that applicants often operate through "laptop farms" – clusters of computers physically located in countries like the US but controlled remotely from abroad. This creates a false impression of a domestic worker.
Other red flags include oddly formatted contact details, such as US phone numbers beginning with '+1' instead of '1', and dubious academic credentials. Fraudsters also hijack dormant LinkedIn accounts of legitimate software engineers, using stolen credentials. In some cases, they employ AI tools or deepfakes to bolster their cover during video interviews.
"We've also identified networks where people hand over access to their accounts in exchange for payment," Schmidt added, highlighting the complexity of the threat.
A Multi-Million Pound Threat to Global Security
The scale of the financial operation is significant. In July, an Arizona woman was sentenced to nearly eight years in prison for running a laptop farm that helped North Korean IT workers land positions at over 300 US companies, generating more than $17m for Pyongyang.
The US Department of Justice stated in June that it had uncovered 29 such laptop farms. Over the past six years, these schemes have allegedly cost American companies almost $88m. Dr Hong Min, an analyst at the Korea Institute for National Unification, told AFP that given Amazon's business, the primary motive was likely economic, aimed at stealing financial assets.
This activity is part of a broader cyber warfare strategy. A 2020 US army report detailed that North Korea's primary cyber unit, Bureau 121, comprises around 6,000 personnel operating from various countries. South Korea's intelligence also previously accused the North of using fake recruiter profiles on LinkedIn to target defence industry workers for sensitive information.
Schmidt urged other companies to increase vigilance, recommending they query databases for patterns in resumes and contact details, implement multi-stage identity verification, and monitor for unusual remote access or unauthorised hardware. "The problem isn't Amazon-specific," he cautioned, "but likely happening at scale across the industry."
