In a major global business and cybersecurity development, American tech giant Amazon has blocked North Korean nationals from applying for jobs, citing serious concerns over remote hiring abuse, fake identities, and potential cyber threats.
The decision comes amid growing allegations that North Korea is deploying IT workers abroad to generate revenue for its weapons programmes, often by infiltrating global companies under false identities.
Amazon’s move highlights a broader problem facing the global tech industry, where remote work opportunities are increasingly being exploited by hostile state-linked actors, raising alarms across governments and corporations alike.
Amazon Blocks North Koreans Over Security Concerns
Amazon’s Chief Security Officer Stephen Schmidt revealed that the company has blocked more than 1,800 job applications from suspected North Korean operatives since April 2024.
In a LinkedIn post, Schmidt noted that applications linked to North Korea had surged by nearly one-third over the past year, particularly for remote IT roles in US-based companies.
According to Schmidt, the aim of these applicants is “straightforward”: get hired, get paid, and funnel wages back to fund the regime’s weapons programmes. He warned that the issue is not limited to Amazon but is likely happening “at scale across the industry.”
Why North Koreans Are Targeting Remote IT Jobs
With international sanctions restricting its economy, North Korea has increasingly turned to cyber operations and overseas IT work to generate revenue.
According to US authorities and intelligence agencies, the Kim Jong Un regime trains thousands of skilled IT workers who pose as freelancers, developers, or engineers abroad.
Remote hiring has made this easier than ever. Work-from-home roles allow individuals to apply for jobs without ever physically entering the country, making identity verification more challenging. These workers often operate from third countries or use intermediaries, making detection difficult.
Much of the money earned through these jobs is allegedly sent back to Pyongyang, where US officials claim it is used to support missile development, nuclear weapons programmes, and cyber warfare units.
Fake Identities and ‘Laptop Farms’ Raise Red Flags
One of the most alarming tactics highlighted by Amazon involves the use of fake or stolen identities. According to Schmidt, suspected North Korean applicants often hijack dormant LinkedIn profiles, steal credentials of legitimate engineers, or fabricate academic records to pass hiring checks.
Another major concern is the use of “laptop farms” computers physically located in the United States but controlled remotely from abroad. These setups allow operatives to appear as if they are working from within the US while actually operating from outside the country.
Common warning signs include:
-
Incorrectly formatted US phone numbers
-
Dubious academic credentials
-
Similar resume patterns
-
Suspicious IP addresses and remote access behaviour
“Small details give them away,” Schmidt said, adding that while individual red flags may seem harmless, combined indicators paint a concerning picture.
Not Just Amazon: A Widespread Industry Threat
Security experts warn that Amazon’s experience reflects a much larger industry-wide problem. The US Department of Justice revealed earlier this year that it had uncovered 29 laptop farms operating across the country, enabling North Koreans to secure jobs using fraudulent identities.
In one high-profile case, an Arizona woman was sentenced to nearly eight years in prison for running a laptop farm that helped North Korean workers infiltrate over 300 US companies, generating more than $17 million for Pyongyang.
According to the DOJ, such schemes have cost American companies nearly $88 million over the past six years.
Fake Job Portals and AI-Driven Deception
The threat is also evolving. Researchers recently discovered that North Korean operatives created fake job-application platforms mimicking popular recruitment tools like Lever. These platforms targeted candidates applying to major AI and cryptocurrency firms, allowing attackers to compromise applicants’ devices even before hiring.
Security firm Validin said these fake portals were designed to look legitimate, making job seekers more likely to download malicious files or run compromised coding tests.
Experts warn that AI tools and deepfakes are now being used to strengthen fake identities during interviews, making detection even harder.
Cyber Theft and Weapons Funding
North Korea’s cyber operations have already proven devastating. According to United Nations reports and private cybersecurity firms, North Korean hackers have stolen billions of dollars from banks and cryptocurrency companies in recent years.
A White House official estimated in 2023 that nearly half of North Korea’s missile programme funding came from cybercrime and digital theft.
US intelligence reports have long detailed the structure and objectives of Pyongyang’s cyber warfare units, describing them as a core pillar of the regime’s survival strategy.
Amazon Urges Companies to Stay Vigilant
In his post, Amazon’s security chief urged companies worldwide to strengthen identity verification processes, especially during hiring. He recommended:
-
Multi-stage identity verification
-
Monitoring unusual remote access
-
Scrutinising resume and credential patterns
-
Reporting suspicious activity to authorities
Experts agree that as remote work becomes permanent, cybersecurity risks tied to hiring will only grow.
Bigger Message for the Global Tech Industry
Amazon’s decision to block North Korean applicants is not just an HR policy change it is a clear warning to the global tech ecosystem. As geopolitical tensions spill into cyberspace, companies are being forced to rethink how open and borderless digital work truly is.
For now, Amazon’s move signals a tougher stance against what many governments see as a state-sponsored cyber threat, reinforcing the need for vigilance in an increasingly remote and interconnected world.
ALSO READ: Income Tax Refunds Delayed for Many Taxpayers: Read to Know More
Sofia Babu Chacko is a journalist with over five years of experience covering Indian politics, crime, human rights, gender issues, and stories about marginalized communities. She believes that every voice matters, and journalism has a vital role to play in amplifying those voices. Sofia is committed to creating impact and shedding light on stories that truly matter. Beyond her work in the newsroom, she is also a music enthusiast who enjoys singing.
