Amazon has stopped more than 1,800 suspected North Korean agents from applying for jobs over the last 20 months, a top executive at the firm has said.
In a post on LinkedIn, Stephen Schmidt, Amazon’s chief security officer, said North Korean nationals had in recent years been attempting to land remote tech roles with companies across the globe.
“Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs,” Schmidt wrote.
Amazon has used a combination of AI-powered screening and human verification to detect and block such applications, Schmidt continued.
The company’s AI model searches for connections to around 200 “high-risk institutions” and analyzes “anomalies across applications” and “geographic inconsistencies.”
Human reviewers then conduct background checks, verify credentials, and carry out interviews, he added.
Schmidt said fraudsters were becoming more “calculated,” with many targeting real software engineers in an effort to gain credibility.
Others attempt to take over dormant LinkedIn accounts or pay for access to existing profiles, he continued.
AI and machine-learning roles have been increasingly targeted due to high demand, he added.
“Small details give them away,” Schmidt went on. “For example, these applicants often format U.S. phone numbers with “+1” rather than “1.” Alone, this means nothing. Combined with other indicators, it paints a picture.”
The operatives often work with “laptop farms,” Schmidt said, which are US-based locations that maintain a domestic presence while workers operate remotely from abroad.
“This isn’t Amazon-specific,” Schmidt added. “This is likely happening at scale across the industry.”
In July, an Arizona woman was sentenced to 102 months in prison for her role in assisting North Korean IT workers in securing remote IT jobs at more than 300 US companies.
The Justice Department said the laptop farming scheme generated over $17 million in illicit revenue for the woman and Pyongyang.
CrowdStrike’s 2025 Threat Hunting Report found that the North Korean remote-worker scheme is a growing threat.
Amazon had detected 27% more North Korea-linked applications quarter over quarter this year, Schmidt said.
In June, the DOJ said authorities had carried out searches of 29 known or suspected “laptop farms” across 16 US states. It said North Korean actors had managed to obtain employment with more than 100 US companies.
The DOJ did not name the companies but said they included Fortune 500 firms.
The FBI recommends that businesses scrutinize identity verification documents, verify prior employment and education, and require in-person meetings.
