Amazon has thwarted over 1,800 job applications from suspected North Korean operatives in a significant move to combat cyber threats linked to the Democratic People’s Republic of Korea (DPRK). This revelation comes from Stephen Schmidt, Amazon’s chief security officer, who disclosed the details in a recent LinkedIn post. According to Schmidt, the applications were primarily aimed at remote IT positions, where candidates were allegedly using fake or stolen identities to gain employment.
The surge in these applications is concerning, with Amazon reporting a 27% increase in DPRK-affiliated applications on a quarterly basis this year. Schmidt emphasized the straightforward objective of these operatives: secure a job, receive payment, and subsequently funnel wages back to support the regime’s military ambitions.
Detection Methods and Evolving Strategies
Amazon’s advanced AI-powered application screening system, coupled with meticulous manual verification, has played a crucial role in identifying these fraudulent applications. Schmidt noted that the suspected agents often operate from “laptop farms”—computers located in the U.S. but remotely controlled from North Korea. In June, the Department of Justice (DOJ) uncovered 29 illegal laptop farms across the country, which were being exploited by North Korean IT workers.
John A. Eisenberg, Assistant Attorney General of the DOJ’s National Security Division, stated that these schemes are crafted to evade sanctions while funding the North Korean regime’s illicit programs, including its weapons development. In a notable case, a woman from Arizona was sentenced to over eight years in prison for running a laptop farm that facilitated North Korean operatives in securing remote positions at more than 300 U.S. companies. This operation generated over $17 million in illicit revenue.
Schmidt highlighted that fraudulent workers are employing increasingly sophisticated tactics. Many impersonate legitimate software engineers, hijacking the LinkedIn profiles of active professionals, and creating elaborate networks where individuals exchange account access for compensation. He provided guidance for employers to watch for common indicators of fraud, such as incorrectly formatted phone numbers and inconsistent educational backgrounds.
International Collaboration Against Cyber Threats
In response to the escalating threat posed by North Korean operatives, the U.S., Japan, and South Korea convened a joint forum in Tokyo in August to discuss enhanced collaboration. A joint statement issued at the event underscored the serious risks associated with hiring or outsourcing work to North Korean IT workers, including potential theft of intellectual property, financial resources, and reputational damage.
Schmidt concluded his post by emphasizing Amazon’s unique position as one of the world’s largest employers. He expressed a commitment to sharing insights gained from the ongoing battle against large-scale cyber threats, noting that vigilance is essential in identifying and mitigating these risks. As the landscape of cybercrime evolves, businesses must remain proactive in safeguarding their operations against such infiltration attempts.
