Amazon Blocks Over 1,800 North Korean Fake IT Job Applications in Rising Cybersecurity Threat

SEATTLE, WASHINGTON — Tech giant Amazon says it has blocked more than 1,800 job applications linked to suspected North Korean operatives, highlighting a growing global cybersecurity threat of North Korea laptop farm remote job fraud and illicit efforts to secure remote IT jobs in the U.S. tech sector for financial gain and sanctions evasion.

In a post on LinkedIn this week, Amazon Chief Security Officer Stephen Schmidt revealed that the company has seen a nearly 30% increase in suspected North Korean applicants over the past year. According to the security team, these applicants — using stolen, fake or hijacked professional identities — try to land remote information technology roles and send wages back to fund the regime in Pyongyang.

North Korea Fake IT Job Applications Surge

Amazon’s internal security systems blocked the suspicious applications after flagging red flags such as incorrect phone number formats, fabricated academic history and hijacked LinkedIn profiles. These tactics are part of a broader pattern in which North Korean agents and intermediaries exploit the remote job market to bypass labor laws and sanctions.

“A lot of these applications look legitimate at first glance,” Schmidt said, warning that the problem “isn’t Amazon-specific” and may be happening across the industry — particularly at companies offering remote IT, AI and software roles.

Security experts note that as remote work and AI-focused hiring have surged, so has the sophistication of fraudulent recruitment schemes targeting major corporations. Some operatives are believed to be working with U.S.–based “laptop farms” — setups where computers physically located in the United States are controlled remotely from outside the country to give the appearance of legitimate employment.

Laptop Farm Schemes and Illicit Revenue for Pyongyang

“Laptop farms” have become a central part of how North Korea-linked workers attempt to secure U.S. tech roles. In these schemes, intermediaries receive company laptops in the United States and allow remote workers overseas — often in North Korea — to access them. These operations help bypass basic geographic checks and can provide cover for wage laundering.

In one high-profile case earlier this year, authorities uncovered a laptop farm in Arizona that helped suspected North Korean workers gain remote jobs at more than 300 U.S. companies, generating an estimated $17 million in illicit revenue for the facilitators and Pyongyang.

Industry and Government Warnings on Hiring Fraud

U.S. and South Korean officials have long warned that North Korea uses remote job programs, fake identities and cyber tactics to generate hard currency for its weapons programs and economic survival under international sanctions. Recent alerts from security agencies stress that these schemes are widespread and increasingly sophisticated, often involving AI-assisted profile creation and stolen credentials.

Amazon’s AI-assisted screening tools, paired with manual reviews, help detect suspicious applications, but experts caution that companies must remain vigilant as fraudsters develop new techniques to mimic legitimate talent profiles, including forged resumes and professional histories.

What This Means for Employers and Remote Hiring

The surge in fake remote IT job applications from suspected North Korean operatives underscores a pressing need for deeper verification processes in hiring pipelines. Cybersecurity specialists recommend steps such as:

• Multi-factor identity verification beyond basic background checks
• Anomaly detection using AI and human review
• Monitoring for geographic inconsistencies and stolen credentials

As remote work continues to expand, corporate and government collaboration on cybersecurity and employment integrity becomes essential to counter nation-state exploitation of hiring systems.