Over the past 20 months, Amazon has blocked more than 1,800 people suspected of being North Korean agents from applying for jobs, a company executive said.
Stephen Schmidt, Amazon’s chief security officer, said in a LinkedIn post that North Korean nationals have sought remote technology jobs at companies around the world in recent years.
“Their purpose is usually straightforward: get hired, get paid, and funnel those wages into funding the regime’s weapons program,” Schmidt wrote.
Amazon uses a combination of AI-powered screening and human verification to detect and block such applications, Schmidt continued.
The company’s AI model searches for connections with approximately 200 “high-risk institutions” and analyzes “application-wide anomalies” and “geographic inconsistencies.”
Human reviewers then conduct background checks, verify credentials and conduct interviews, he added.
Schmidt said scammers are becoming increasingly “calculative” and many are targeting genuine software engineers in an effort to gain their trust.
Others may try to take over dormant LinkedIn accounts or pay for access to existing profiles, he continued.
He added that AI and machine learning roles are increasingly being targeted due to high demand.
“You can see that in the details,” Schmidt continued. “For example, these applicants often format their U.S. phone numbers as a “+1” instead of a “1.” This alone means nothing. When combined with other indicators, a picture is painted. ”
Schmidt said the operatives often work in “laptop farms.” “Laptop farms” are U.S.-based locations that remain based in the country while workers operate remotely from overseas.
“This is not unique to Amazon,” Schmidt added. “This could be happening at scale across the industry.”
In July, an Arizona woman was sentenced to 102 months in prison for helping North Korean IT workers secure remote IT jobs at more than 300 U.S. companies.
The Justice Department said the laptop farming scheme generated more than $17 million in illegal income for the women and North Korea.
CrowdStrike’s 2025 Threat Hunting Report found that North Korea’s remote workforce program poses a growing threat.
Schmidt said Amazon detected 27% more North Korea-related applications this year compared to the previous quarter.
In June, the Department of Justice announced that authorities had conducted raids on 29 known or suspected “laptop farms” in 16 U.S. states. According to the report, North Korean actors were able to obtain employment with more than 100 American companies.
The Justice Department did not name the companies, but said it included Fortune 500 companies.
The FBI recommends that companies scrutinize identification documents, verify previous employment and educational background, and require face-to-face interviews.
