In a significant cybersecurity revelation, US tech behemoth Amazon has disclosed that it prevented more than 1,800 individuals from North Korea from joining the company. This action comes as Pyongyang systematically dispatches a large number of IT professionals abroad to generate and launder foreign currency for the isolated state.
Amazon's Security Chief Sounds the Alarm
Stephen Schmidt, the Chief Security Officer of Amazon, detailed the situation in a LinkedIn post last week. He stated that workers linked to North Korea have been actively "attempting to secure remote IT jobs with companies worldwide, particularly in the US". Schmidt highlighted a worrying trend, noting that the company witnessed a nearly one-third increase in such applications from North Koreans in the past year alone.
He explained the common modus operandi, which involves the use of "laptop farms". This technique entails a computer physically located in the United States being operated remotely from outside the country, often from North Korea itself. Schmidt was quick to point out that this is not an issue exclusive to Amazon, warning that "is likely happening at scale across the industry".
Red Flags and a Multi-Million Dollar Scheme
The Amazon executive outlined several tell-tale signs that help identify these fraudulent applications. These include incorrectly formatted phone numbers and suspicious or falsified academic credentials. This cyber infiltration has already led to serious legal consequences in the United States.
In a related case from July, a woman based in Arizona was sentenced to more than eight years in prison for operating a laptop farm that assisted North Korean IT workers in landing remote positions at over 300 US companies. US officials revealed that this elaborate scheme generated a staggering more than $17 million in revenue, which was funneled to both the operator and the North Korean regime.
A Long-Standing Cyber Warfare Programme
Analysts confirm that this activity is part of North Korea's sophisticated and state-sponsored cyber operations. Hong Min, an analyst at the Korea Institute for National Unification, told AFP that "North Korea is actively training cyber personnel and infiltrating key locations worldwide". Regarding the Amazon case, he added, "Given Amazon's business nature, the motive seems largely economic, with a high likelihood that the operation was planned to steal financial assets."
North Korea's cyber-warfare ambitions are not new, dating back to at least the mid-1990s. According to a 2020 US military report, it has since evolved into a formidable 6,000-strong cyber unit known as Bureau 121, which operates from several countries across the globe.
The international community has taken note. In November, the United States government announced sanctions on eight individuals accused of being 'state-sponsored hackers'. Their illicit activities were allegedly conducted "to fund the regime's nuclear weapons programme" through theft and money laundering. The scale of this financial crime is immense; the US Department of the Treasury has accused North Korea-affiliated cybercriminals of stealing over $3 billion in the past three years, primarily in cryptocurrency.
This incident also echoes a warning from last year by Seoul's intelligence agency, which stated that North Korean operatives had used professional networks like LinkedIn to pose as recruiters. Their target was South Koreans working in defence firms, from whom they sought to obtain sensitive technological information.
