Amazon says over 1,800 North Koreans blocked from applying for jobs at tech giant

American tech giant Amazon claims to have blocked more than 1,800 job applications from suspected North Korean operatives as the East Asian nation faces accusations of deploying IT workers overseas to generate and launder money for its nuclear weapons programme.

Amazon chief security officer Stephen Schmidt noted in a LinkedIn post that North Koreans had been ”attempting to secure remote IT jobs with companies worldwide, particularly in the US”.

His company, he said, had seen such applications rise by nearly a third over the past year.

”Their objective is typically straightforward: get hired, get paid and funnel wages back to fund the regime’s weapons programs. At Amazon, we’ve stopped more than 1,800 suspected DPRK operatives from joining since April 2024 and we've detected 27 per cent more DPRK-affiliated applications quarter over quarter this year,” he said, using the country’s official name of the Democratic People’s Republic of Korea.

Mr Schmidt alleged that the Koreans often operated through “laptop farms”, meaning computers located in the US but controlled remotely from abroad. He cautioned that the problem “isn’t Amazon-specific” but “likely happening at scale across the industry”.

According to Mr Schmidt, common signs of North Korean applicants include wrongly formatted phone numbers and dubious academic credentials. “Small details give them away. For example, these applicants often format US phone numbers with ‘+1’ rather than ‘1’. Alone this means nothing. Combined with other indicators, it paints a picture,” he said.

He also described a trend of fraudsters hijacking dormant LinkedIn accounts with stolen credentials to impersonate legitimate software engineers, sometimes even using AI tools or deepfakes to strengthen their cover during interviews.

open image in gallery

Last year, South Korea’s intelligence agency claimed that operatives from the North were posing as recruiters on LinkedIn to target the rival country’s citizens employed with defence companies in a bid to extract sensitive technological information.

Mr Schmidt alleged that his company had “also identified networks where people hand over access to their accounts in exchange for payment,” .

Much of the income earned by these workers is allegedly sent back to the North Korean government, which, according to US authorities, uses it to fund weapons programmes.

The Amazon executive urged companies to remain vigilant. “If you are concerned about these threats in your organisation, query your databases for common indicators: patterns in resumes, emails, phone numbers, educational backgrounds. Implement identity verification at multiple hiring stages, and monitor for anomalous technical behaviour: unusual remote access, unauthorised hardware,” Mr Schmidt said in the post.

Dr Hong Min, an analyst at the Korea Institute for National Unification, told the news agency AFP that the North was “actively training cyber personnel and infiltrating key locations worldwide”.

“Given Amazon’s business nature, the motive seems largely economic, with a high likelihood that the operation was planned to steal financial assets,” he said.

open image in gallery

The US Department of Justice said in June that it had uncovered 29 laptop farms in the country that enabled North Koreans to get jobs using stolen or fabricated identities.

In July, an Arizona woman was sentenced to nearly eight years in prison for operating a laptop farm that allegedly assisted North Korean workers in securing positions at more than 300 US companies, a scheme that generated more than $17m for Pyongyang.

According to the Department of Justice, such schemes have cost American companies almost $88m over the past six years.

In 2020, a US army report detailed North Korea’s cyber warfare capabilities, detailing the structure of its units and the objectives of their operations.

The report said North Korea’s primary cyber warfare organisation was called the Cyber Warfare Guidance Unit, commonly referred to as Bureau 121. The US army estimates the unit comprises about 6,000 personnel, many of whom operate from countries such as China, Russia, India, Malaysia, and Belarus.

In 2015, South Korea’s defence ministry had estimated that the North maintained an elite cyber unit of up to 6,000 members.