• Amazon has blocked over 1,800 job applications from suspected North Korean operatives.
• Applications increased nearly one-third over the past year, indicating an ongoing trend.
• North Koreans use "laptop farms" to gain remote access to jobs in the US.
• Indicative signs of fraud include poorly formatted phone numbers and questionable credentials.
• The scheme has generated significant revenue, facilitating regime funding.

Amazon has reported blocking over 1,800 job applications from North Korean individuals, as the regime appears to be deploying large numbers of IT workers abroad to earn and launder funds. In a LinkedIn post, Amazon’s Chief Security Officer Stephen Schmidt noted that there has been a nearly one-third increase in applications from North Koreans this past year, with attempts specifically to secure remote IT positions within the US and abroad, according to SCMP and BBC.

Schmidt elaborated that North Koreans typically operate these applications from “laptop farms"—computers located in the US but controlled remotely. He emphasized that this issue is not exclusive to Amazon and is likely occurring at various levels across the tech industry. Employers should be vigilant for warning signs, such as incorrectly formatted phone numbers and dubious academic credentials, according to IndiaTimes and Channel News Asia.

The security concerns surrounding North Korean cyber activities were underscored by a case in July, where a woman in Arizona was sentenced to over eight years in prison for running a laptop farm that helped North Korean IT workers secure over 300 jobs at US companies, generating upwards of $17 million in revenue for her and the North Korean regime. This highlights the far-reaching consequences of these fraudulent operations that also raise alarms about the potential for funding weapons programs, as noted by both Schmidt and intelligence reports, according to SCMP, BBC, and IndiaTimes.

Moreover, South Korea's intelligence agency has warned that North Korean operatives have been posing as recruiters on platforms like LinkedIn to extract sensitive information from South Korean defense employees. Analysts have indicated that this offensive is intended to bolster the North's cyber capabilities, which have been growing since the mid-1990s and are believed to encompass a significant unit known as Bureau 121, operational from various countries globally. The broader implications include attempts not only to secure financial gains but also technological advancements potentially applied to state-sponsored crimes, according to IndiaTimes and Channel News Asia.