Amazon has thwarted more than 1,800 job applications from suspected North Korean operatives since April 2024, as revealed by the company’s chief security officer, Stephen Schmidt. This increase in fraudulent applications raises alarms over a growing cyber threat linked to the Democratic People’s Republic of Korea (DPRK). Schmidt’s disclosure highlights the ongoing efforts to counteract cyber scams potentially aimed at funding the North Korean regime’s weapons programs.
In a LinkedIn post on Friday, Schmidt outlined the tactics employed by these operatives, who often use fake or stolen identities to apply for remote IT positions worldwide. He noted that Amazon has detected a 27% rise in applications affiliated with the DPRK quarter over quarter this year. The company employs an AI-powered application screening system, complemented by manual verification, to identify and block these suspicious submissions.
The infiltration methods include the use of “laptop farms,” which are computers located in the U.S. but operated remotely from other countries. These setups help conceal the true identities of the applicants. The Department of Justice (DOJ) reported in June that it had uncovered 29 illegal laptop farms across the United States, used by North Korean IT workers to gain access to U.S. company resources.
According to John A. Eisenberg, Assistant Attorney General of the DOJ’s National Security Division, these schemes are designed to evade sanctions and finance North Korea’s illicit activities. In a notable case, a woman from Arizona was sentenced to over eight years in prison for operating a laptop farm that facilitated remote work for North Korean agents at more than 300 U.S. companies. This operation reportedly generated over $17 million in illicit revenue.
Schmidt’s concerns extend beyond blocked applications. He emphasizes that various other fraudulent strategies are likely being implemented across the tech industry. He noted that identity theft has become increasingly sophisticated, with operatives impersonating real software engineers and hijacking LinkedIn profiles of active professionals.
“Small details give them away,” Schmidt warned employers, advising vigilance against common signs of fraud, such as improperly formatted phone numbers and inconsistent educational backgrounds. He stressed that Amazon’s position as one of the largest employers provides it with unique insights into the evolution of these cyber threats and the responsibility to share this knowledge.
In response to the escalating threat posed by North Korean operatives, the U.S., Japan, and South Korea convened a joint forum in Tokyo in August. In their joint statement, the three nations acknowledged that hiring or outsourcing work to North Korean IT workers poses serious risks, including theft of intellectual property, data breaches, and potential legal repercussions.
As the situation evolves, Amazon’s proactive measures and insights may serve as a critical resource for other companies facing similar threats in the digital landscape.
