Amazon Blocks Over 1,800 North Koreans Seeking Remote Jobs

Amazon has taken significant steps to prevent over 1,800 North Korean nationals from applying for jobs within the company. This action comes as the North Korean government sends a growing number of IT workers abroad in an effort to earn and launder funds. In a recent post on LinkedIn, Amazon’s Chief Security Officer Stephen Schmidt highlighted that these workers have been attempting to secure remote IT positions, particularly with companies in the United States.

Schmidt noted a troubling trend, with applications from North Koreans increasing by nearly a third over the past year. He explained that many of these individuals operate through “laptop farms,” utilizing computers based in the United States but controlled remotely from North Korea. This practice raises concerns not only for Amazon but also for the broader tech industry, as Schmidt warned that the issue may be widespread.

Signs of North Korean Applications

In his assessment, Schmidt identified specific indicators of North Korean applicants. These signs include improperly formatted phone numbers and questionable academic credentials. The risks associated with these applications are not merely theoretical; in July, a woman in Arizona received a prison sentence of more than eight years for running a laptop farm. This operation aided North Korean IT workers in securing remote jobs at over 300 US companies, generating more than US$17 million in revenue for both her and the North Korean regime.

The South Korean intelligence agency has previously issued warnings about North Korean operatives using LinkedIn to pose as recruiters. Their aim was to approach South Koreans employed in defense sectors to extract sensitive information regarding technological advancements.

North Korea’s Cyber Operations

The activities of North Korea’s cyber personnel are not new. Hong Min, an analyst at the Korea Institute for National Unification, stated, “North Korea is actively training cyber personnel and infiltrating key locations worldwide.” He emphasized that given Amazon’s operational nature, the motives behind these attempts likely center around economic gain, with a strong possibility of planning aimed at stealing financial assets.

North Korea’s cyber-warfare initiatives date back to at least the mid-1990s and have evolved into a robust unit known as Bureau 121, which reportedly comprises around 6,000 personnel operating from various countries. According to a report by the US military in 2020, this unit has been actively engaged in cyber operations that threaten global security.

In a related effort to combat cybercrime, the US Department of the Treasury announced sanctions in November against eight individuals alleged to be state-sponsored hackers. These individuals are accused of conducting illicit operations to finance North Korea’s nuclear weapons program by stealing and laundering money. Over the past three years, North Korean-affiliated cybercriminals have reportedly stolen more than US$3 billion, primarily in cryptocurrency.

The ongoing challenges posed by North Korean cyber activities underscore the importance of vigilance in the tech industry. As companies like Amazon take proactive measures to block these efforts, the need for comprehensive cybersecurity strategies remains paramount.