Amazon’s chief security officer Stephen Schmidt writes that since April 2024, the company has stopped over 1800 job applications suspected of coming from North Korean agents. The number of applications linked to North Korea has also increased by about 27% per quarter in 2025.
The purpose of the infiltration is said to be to obtain remote employment with foreign companies, mainly in the United States, and then transfer the income to North Korea’s weapons program.
Amazon combines AI-based analysis with manual review to detect suspicious applications. Algorithms search for links to at-risk institutions, anomalies in applications, and geographic inconsistencies. Identities are verified through background checks, references, and structured interviews.
According to Schmidt, the company has seen several recurring trends. Identity theft is becoming more sophisticated, with fraudsters posing as real developers. Hijacked LinkedIn accounts are being used to boost credibility, and AI and machine learning jobs are particularly vulnerable targets.
Some operators use so-called “laptop farms” in the US to give the impression of local presence, and fake educational credentials from US universities are common. According to Amazon, even small details, such as phone numbers written with a country code of “1”, can help reveal fake profiles.
Amazon says that the problem is likely to be industry-wide and urges other companies to review their identity verification practices and report suspicious cases to authorities such as the FBI.
Related reading:
North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report
How not to hire a North Korean IT spy
North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems
North Korean fake IT workers up the ante in targeting tech firms
No Responses