Amazon have found 1,800 job applications to be from North Korean operatives, who use ‘laptop farms’ and hack into LinkedIn accounts to try and access remote IT jobs to fund Kim Jong-Un’s regime
A major US technology firm has blocked nearly 2,000 job applications from suspected North Korean rogues backed by Kim Jong-Un. A senior executive at Amazon has revealed North Koreans tried to get their foot in the door by applying for remote working IT jobs.
Amazon’s chief security officer Stephen Schmidt said that Kim Jong-Un’s men tried to send applications in using stolen or fake activities, and believes this isn’t ‘Amazon specific’ but is ‘likely happening at scale across the industry.
He said in a LinkedIn post: “Over the past few years, North Korean (DPRK) nationals have been attempting to secure remote IT jobs with companies worldwide, particularly in the US.
“Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs.
“At Amazon, we’ve stopped more than 1,800 suspected DPRK operatives from joining since April 2024, and we’ve detected 27% more DPRK-affiliated applications quarter over quarter this year.”
Amazon managed to figure this out by using AI-powered screening with human verification. Their software analyses ‘connections to nearly 200 high-risk institutions, anomalies across applications, and geographic inconsistencies.’
He added that North Korea has started targeting LinkedIn, by hijacking dormant accounts through compromised credentials to gain verification.
Amazon also claims they have spotted networks where people hand over access to their accounts in exchange for payment.
North Korean operatives are also said to work with facilitators managing ‘laptop farms.’ These are US-based locations that maintain a domestic presence, while the worker operates remotely from outside the country.
In July, a woman from Arizona was sentenced to more than eight years in jail for running a laptop farm to help North Korean IT workers secure remote jobs at more than 300 US companies, as per the BBC.
Schmidt concluded: “If you’re concerned about these threats in your organization, query your databases for common indicators: patterns in resumes,
“If you identify suspected DPRK IT workers, report it to the FBI or your local law enforcement.
“And if you’re seeing similar patterns or have insights to share, I encourage you to do so. The more we share what we’re learning, the harder we make it for these operations to succeed.”
For the latest breaking news and stories from across the globe from the Daily Star, sign up for our newsletters.