Washington: Amazon has blocked more than 1,800 job applications after identifying suspected attempts by North Korean operatives to secure remote technology roles using stolen or fabricated identities, highlighting growing risks facing global employers.
The development has underscored how cyber-enabled labour fraud has expanded alongside the rise of remote work, particularly within the US technology sector.
According to Amazon’s chief security officer Stephen Schmidt, the company has detected a sharp rise in fraudulent applications over the past year, with submissions linked to North Korea increasing by nearly one-third. Amazon has identified that the applicants were targeting remote IT positions, with the intention of earning salaries that could then be funnelled back to support the North Korean regime’s weapons programmes.
Amazon has relied on a combination of artificial intelligence systems and manual verification by internal security teams to flag suspicious behaviour during recruitment processes. These checks have included scrutinising identity documents, education histories and contact details, which in many cases did not align with legitimate applicant records.
Investigations have shown that the operatives often rely on so-called ‘laptop farms; located inside the US. These setups involve computers physically based in the country but operated remotely from overseas, allowing North Korean workers to appear as though they are employed domestically.
Amazon has warned that such tactics have become increasingly sophisticated, with fraudsters now hijacking dormant professional networking accounts using leaked login credentials to pass employer verification checks.
The issue has not been limited to Amazon. US and South Korean authorities have repeatedly warned that North Korea has been deploying thousands of IT workers overseas to generate foreign currency through deception and cyber-enabled employment schemes. In June, US authorities uncovered 29 laptop farms operating illegally across several states, supporting North Korean workers using stolen or forged American identities.
The US Department of Justice has stated that brokers inside the country played a role in securing jobs for the operatives, and criminal cases have followed. In one instance, an Arizona resident received a prison sentence of more than eight years after helping North Korean IT workers obtain remote jobs at more than 300 US companies. Prosecutors said the scheme generated over $17 million (£12.6 million) in illicit income.
Amazon has urged other companies to remain vigilant and report suspicious applications to authorities, noting that inconsistencies in phone numbers, employment histories and education records can be early warning signs. Security experts have cautioned that as remote work remains widespread, technology firms and employers across multiple sectors will continue to face heightened risks from organised state-backed fraud networks.
The company has emphasised that protecting recruitment systems is now a core part of safeguarding national and corporate security, as cyber threats increasingly intersect with global labour markets.
YOU MAY LIKE | Jim Beam to halt production at main Kentucky distillery for a year
