In a recent security disclosure, Amazon.com, Inc. (NASDAQ:AMZN) revealed that it has blocked in excess of 1,800 job applications suspected to originate from North Korean operatives posing as legitimate candidates. This activity reportedly involves attempts by these agents to gain remote employment through the use of stolen or counterfeit personal information, enabling them to infiltrate the company’s workforce virtually. The revelation was publicly shared by Stephen Schmidt, Amazon’s chief security officer, who detailed the nature of these fraudulent applications in a post on LinkedIn.
According to Schmidt, these applications typically propose candidates for remote information technology roles. However, the individuals behind the submissions employ stolen or forged identities to deceive Amazon's hiring processes. The underlying motivation appears to be financial gain with a strategic intent: after securing employment and receiving compensation, the funds are redirected to support the regime of Pyongyang, specifically contributing to North Korea’s weapons programs.
Schmidt also cautioned that this type of fraudulent recruitment effort is likely present across other technology companies operating within the United States, emphasizing the broader threat landscape confronting the sector. He further elaborated on the modus operandi employed by these operatives, who frequently collaborate with managers of so-called 'laptop farms.' These facilities consist of computer setups physically located inside the United States but controlled remotely from abroad, effectively masking the origin of the activity and complicating detection efforts.
The frequency of such recruitment attempts is reportedly on the rise; Schmidt noted an approximate increase of one-third in the number of suspected North Korean job applications over the past year. This trend signifies an escalation in efforts by North Korean operatives to penetrate U.S. corporate environments through cyber-enabled employment fraud.
Corresponding to Amazon’s findings, both U.S. and South Korean law enforcement agencies have issued warnings regarding online scams and infiltration attempts linked to Pyongyang. The United States Department of Justice (DOJ) has taken legal action against these illicit operations, announcing the discovery of 29 'laptop farms' being unlawfully operated across the country by North Korean IT workers. These operations relied extensively on stolen American identities to facilitate employment within the United States.
Further compounding the issue, certain U.S.-based brokers have been indicted for assisting these operatives in obtaining jobs, demonstrating the complexity and reach of the network involved. An illustrative case includes a criminal conviction handed down in July to an Arizona resident who was sentenced to over eight years in prison due to her involvement in managing a laptop farm aiding North Korean operatives.
The Department of Justice disclosed that these activities generated revenue exceeding $17 million, a significant portion of which was funneled back to North Korea to finance its weapons development programs. This financial dimension underscores the national security concerns posed by this employment fraud scheme.
Amazon’s public disclosure not only exposes these ongoing infiltration attempts but also signals a call to action for the broader technology industry and government agencies to intensify vigilance and countermeasures against such threats. The combination of cyber deception, identity theft, and foreign state-sponsored objectives creates a multifaceted challenge requiring coordinated responses.
December 27, 2025
Finance
Amazon Identifies and Blocks Over 1,800 North Korean-Linked Fraudulent Job Applications
Remote IT job roles targeted by suspected North Korean operatives using stolen identities to fund Pyongyang's weapons programs
Marcus Reed
Transport & Logistics Analyst
Summary
Amazon.com has intercepted and prevented more than 1,800 job applications submitted by individuals believed to be North Korean agents attempting to secure remote IT employment using fraudulent or stolen identities. This scheme aims to enable these operatives to receive payments that ultimately support North Korea's weapons development. Government authorities are actively investigating related activities, including the operation of 'laptop farms' in the United States facilitating this illicit employment network.
Key Points
Amazon has blocked more than 1,800 job applications suspected to be from North Korean operatives attempting to secure remote IT jobs using stolen or forged identities.
Stephen Schmidt, Amazon's chief security officer, disclosed the fraudulent activity via LinkedIn, highlighting the threat to corporate hiring processes.
The primary goal of these applicants is to receive payment and funnel money back to North Korea to support its weapons programs.
These operatives often collaborate with 'laptop farms'—computer systems physically located in the U.S. but operated remotely from abroad.
The number of suspected North Korean job applications to Amazon has risen by about one-third over the past year.
U.S. and South Korean authorities have warned about scams related to Pyongyang and have taken legal action against 29 laptop farms run illegally in the U.S.
Some U.S.-based brokers have been indicted for aiding these operatives in obtaining employment.
A woman in Arizona was sentenced to over eight years in prison for running a laptop farm that contributed to this scheme, which has generated over $17 million for North Korea.
Risks
- Continued infiltration attempts by foreign operatives using fraudulent job applications could compromise U.S. technology firms' networks and data.
- The operational sophistication of laptop farms operated remotely poses challenges for detection and enforcement within U.S. borders.
- Employment fraud facilitates the covert flow of funds that support North Korea’s weapons programs, posing a national security threat.
- Similar fraudulent applications may go undetected in other U.S. tech companies, expanding the risk surface.
- Involvement of domestic brokers in facilitating these schemes indicates insider risks within the hiring ecosystem.
- The increase in suspicious applications suggests a growing persistence and scale of this threat over time.
- Legal and regulatory frameworks may struggle to keep pace with evolving cyber-enabled employment fraud methods.
- The financial losses and reputational damage to companies affected can be significant if these schemes are successful.
Disclosure
This article is based solely on information provided in the original statement by Amazon.com and related official sources, without any addition of external facts or interpretations. It aims to present a factual account of the reported security concerns involving suspected North Korean operatives submitting fraudulent job applications to Amazon.