Amazon has thwarted over 1,800 job applications from suspected North Korean operatives since April 2024, emphasizing growing concerns regarding cyber scams linked to the regime in Pyongyang. In a recent LinkedIn post, Stephen Schmidt, Amazon’s Chief Security Officer, detailed how these applicants often utilize fake or stolen identities to seek remote IT positions in the U.S. and internationally.
According to Schmidt, the aim of these operatives is to secure employment, receive payment, and subsequently funnel their wages back to support the North Korean government’s weapons programs. “We’ve detected 27% more DPRK-affiliated applications quarter over quarter this year,” he noted, using the acronym for the Democratic People’s Republic of Korea.
The detection of these fraudulent applications has been aided by Amazon’s advanced AI-powered application screening system, which is supplemented by manual verification efforts from company staff. Schmidt elaborated that many agents employ “laptop farms,” which are computers physically located in the U.S. but operated remotely from abroad, to obscure their true locations.
Uncovering the Threat
In June, the U.S. Department of Justice revealed it had identified 29 illegal laptop farms across the country being utilized by North Korean IT workers. These operations involved U.S.-based individuals who established fraudulent companies, granting North Korean agents remote access to U.S. companies’ laptops.
Assistant Attorney General John A. Eisenberg of the Department’s National Security Division stated, “These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.” In a related case, a woman from Arizona was sentenced to over eight years in prison for managing a laptop farm that enabled North Korean IT workers to secure remote jobs at more than 300 U.S. companies, generating over $17 million in illicit profits.
Schmidt’s post underscored that these tactics are likely part of a broader trend affecting the entire tech industry. He cautioned employers to be vigilant, noting that fraudulent workers have developed more sophisticated strategies, including impersonating legitimate software engineers and hijacking LinkedIn profiles of active professionals.
International Collaboration Against Cyber Threats
In August, representatives from the U.S., Japan, and South Korea convened in Tokyo to discuss enhancing cooperation against the rising threat of North Korean operatives posing as IT professionals. In their joint statement, the three nations emphasized that “hiring, supporting, or outsourcing work to North Korean IT workers increasingly poses serious risks,” including theft of intellectual property, data breaches, and potential legal ramifications.
Schmidt concluded his post by highlighting the necessity for employers to be aware of subtle signs of fraud, such as incorrectly formatted phone numbers and discrepancies in education histories. By sharing insights from Amazon’s experiences, he aims to bolster awareness and preparedness within the industry against these evolving cyber threats.
