Amazon says it has blocked more than 1,800 job applications from suspected North Korea–linked operatives since April 2024, relying on a mix of AI-driven screening and human review, according to a senior executive.
In a LinkedIn post, Stephen Schmidt, Amazon’s chief security officer, said North Korean nationals have increasingly targeted remote tech roles worldwide. Their goal, he wrote, is to get hired, earn salaries, and funnel the money back to support the regime’s weapons programs.
Amazon’s system flags applications by scanning for links to roughly 200 high-risk institutions and spotting anomalies and geographic inconsistencies. Human reviewers then step in to verify identities, credentials, and conduct interviews. Schmidt noted that applicants have become more sophisticated—sometimes impersonating real engineers, hijacking dormant LinkedIn accounts, or paying for access to existing profiles. High-demand AI and machine-learning roles have been a particular focus.
He added that small details can reveal patterns—such as unusual phone-number formatting—especially when combined with other indicators. Some operatives also rely on U.S.-based “laptop farms,” creating a domestic footprint while the actual work is done from abroad.
Schmidt emphasized the issue isn’t unique to Amazon and is likely widespread across the industry. Authorities have echoed those concerns: the U.S. Department of Justice recently reported searches of suspected laptop farms across multiple states, and the FBI has urged companies to tighten identity checks and verification. The threat has also been highlighted in CrowdStrike’s 2025 threat report, which calls the scheme a growing risk for tech firms.