Amazon says it blocked more than 1,800 applicants from North Korea after a nearly 30% rise in suspicious submissions over the past year. The company and analysts warn many applicants use "laptop farms" — US-based machines remotely controlled to conceal true origins — a tactic linked to state-backed cyber fundraising and theft. Authorities have prosecuted operators of such farms and the US has sanctioned individuals tied to broader North Korean cybercrime that has stolen billions, mainly in cryptocurrency.
Amazon Says It Blocked More Than 1,800 North Korean Job Applicants Amid Rising 'Laptop Farm' Threats
US tech giant Amazon has said it blocked over 1,800 North Koreans from joining the company (JONAS ROOSENS)(JONAS ROOSENS/BELGA/AFP)
Amazon, the US technology giant, says it has blocked more than 1,800 applicants from North Korea after detecting a sharp rise in suspicious remote job applications. The company’s Chief Security Officer, Stephen Schmidt, warned that the pattern — part of a broader campaign to generate revenue and launder funds — is likely affecting other firms across the industry.
What Amazon Reported
In a LinkedIn post, Schmidt said North Korean candidates had been "attempting to secure remote IT jobs with companies worldwide, particularly in the US." Amazon reported nearly a one-third increase in applications from North Korea over the past year and flagged telltale signs such as incorrectly formatted phone numbers and questionable academic credentials.
How "Laptop Farms" Operate
Schmidt and investigators describe so-called "laptop farms": computers physically located in the United States that are operated remotely from abroad to mask the true location of job applicants. These setups allow North Korean IT workers to appear to employers as regular remote employees while their connections and control are routed through machines on US networks.
Notable Incidents
In July, an Arizona woman was sentenced to more than eight years in prison for running a laptop farm that enabled North Korean IT workers to secure remote roles at over 300 US companies. Authorities said the scheme generated more than $17 million in revenue for the operator and for North Korea.
Regional And Global Context
South Korea’s intelligence service has warned that North Korean operatives have used LinkedIn to pose as recruiters and contact South Koreans at defense firms to collect technical information. "North Korea is actively training cyber personnel and infiltrating key locations worldwide," Hong Min, an analyst at the Korea Institute for National Unification, told AFP. He added that Amazon’s case appears primarily economically motivated, with a high likelihood that operations aim to steal financial assets.
State-Linked Cyber Units And Sanctions
North Korea’s cyber-warfare program dates back to at least the mid-1990s and, according to a 2020 US military report, has grown into a roughly 6,000-strong unit known as Bureau 121 operating from multiple countries. In November, the US sanctioned eight individuals accused of being state-sponsored hackers who conducted illicit operations to fund the regime’s nuclear program. The US Department of the Treasury has attributed more than $3 billion in thefts to North Korea-affiliated cybercriminals over the past three years, primarily via cryptocurrency.
Why It Matters: The use of remote infrastructure to disguise the origin of applicants and operations complicates corporate hiring, cybersecurity, and international efforts to cut off illicit revenue streams that support sanctioned programs.
