Amazon Blocks More Than 1,800 Suspected North Korean Remote Applicants
Amazon says it has blocked more than 1,800 job applications from suspected North Korean operatives seeking remote IT roles, a sign that state-linked efforts to exploit remote hiring are growing. The company says new AI-powered screening and human verification are catching anomalous profiles, but investigators warn the tactics are evolving and pose national security and corporate risk.

Amazon says it has blocked more than 1,800 job applications from suspected North Korean operatives seeking remote information technology roles, the company’s chief security officer wrote in a LinkedIn post. The disclosure comes as firms and law enforcement grapple with a sophisticated campaign that uses fabricated identities, stolen credentials and remote control techniques to place North Korea-linked workers in lucrative remote positions.
Stephen Schmidt said in his post that the blocks have occurred since April 2024; the same total has also been described as covering roughly the last 20 months, depending on how the period is framed relative to the post date. Schmidt also said Amazon “detected 27 per cent more DPRK affiliated applications quarter over quarter this year,” indicating a steady rise in attempts even as the company increases scrutiny.
Amazon describes a two-stage screening approach. AI-powered models flag anomalous profiles by scanning multiple signals, and human analysts then verify suspicious cases. The company’s security team has reported cases where technicians identified abnormally high keystroke lag or other technical fingerprints consistent with remote control of domestic machines, a pattern investigators say points to so-called laptop farms. Those operations involve overseas controllers directing computers located inside the United States or other countries to circumvent location checks and sanctions.
Investigators and law enforcement say applicants often rely on stolen or fabricated identities and take steps to mask their true locations. The alleged aim is straightforward, according to Schmidt’s post: secure the jobs, convert the wages and support Pyongyang’s programs. As he put it, operators seek to “get hired, get paid, and funnel wages back to fund the regime’s weapons programs.”
Federal prosecutors have already brought cases tied to laptop farms and related schemes. Court records and Department of Justice filings show that in July a woman in Arizona received more than eight years in prison after running a laptop farm that helped North Korean IT workers secure remote roles at hundreds of US companies. The DOJ said that scheme generated more than $17 million in illicit proceeds, a sum prosecutors allege was used to benefit the North Korean regime.
Different investigations point to wide corporate exposure. Some probes have identified more than 240 victimized companies in certain networks, while a separate laptop farm case listed more than 300 affected firms. Industry security teams warn that the true scale is likely larger because many affected employers may never detect anomalous hires or may not disclose incidents publicly.
The trend poses practical and strategic questions for companies hiring remote technology workers. Employers must balance rapid talent acquisition for high-demand roles with more rigorous identity and provenance checks, while national security officials press for coordination across industry to stem revenue flows to sanctioned actors. US and South Korean authorities have issued public warnings about the activity, urging firms to harden recruitment processes and share intelligence on suspected operations.
As remote work remains integral to the technology sector, companies face the dual challenge of protecting their networks and preventing unwitting assistance to state-sponsored illicit programs. Amazon’s disclosure underscores a widening front in cyber and economic confrontation that extends from hiring portals into geopolitics.

