According to TheRegister.com, Amazon Chief Security Officer Steve Schmidt said Thursday that the cloud giant has blocked more than 1,800 suspected job applicants from North Korea since April 2024. Schmidt noted a 27% quarter-over-quarter increase in DPRK-affiliated applications this year. The scam involves real developers using fake or stolen identities to land remote tech jobs, often using AI for resumés and even deepfakes in interviews. Once hired, they funnel most of their wages to the North Korean regime, which the U.S. government says funds weapons programs. In some cases, these fraudulent employees steal proprietary source code and sensitive data to extort their employers. Schmidt said Amazon uses AI screening and human verification, analyzing connections to nearly 200 high-risk institutions, but the problem is pervasive, with most Fortune 500 companies believed to have been affected.
The scam is evolving fast
Here’s the thing: the old playbook of just creating a fake LinkedIn profile is so 2023. Schmidt detailed that North Korean operatives are now hijacking dormant, real LinkedIn accounts using stolen credentials to add a layer of legitimate history. Even more clever? They’re using “laptop farmers” in the U.S. to receive corporate hardware and host the connections, making it appear the worker is physically stateside. So you’ve got a seemingly real person, on a laptop with a U.S. IP address, doing the work. That’s incredibly hard to flag without digging much, much deeper.
It’s not just big tech anymore
And this isn’t just an Amazon or a Microsoft problem. As Okta Threat Intelligence noted, these fraudsters are now targeting finance, healthcare, and professional services firms. Basically, any sector with remote jobs and decent salaries is on the menu. When you think about the access a “developer” could get inside a bank or a hospital’s systems, the risk shifts from just lost wages to massive data breaches and critical infrastructure vulnerability. The U.S. Department of Justice has been ringing the alarm, but this feels like a game of whack-a-mole at a global scale.
What can companies really do?
Schmidt offered some tactical advice: look for small anomalies like phone number formatting (“+1” vs. “1”), mismatched educational majors, and monitor for weird technical behavior like unusual remote access patterns. But let’s be honest. If a Fortune 500 company with Amazon’s resources is seeing a 27% quarterly increase in these attempts, what hope does a mid-sized firm have? The advice to implement “identity verification at multiple hiring stages” is sound, but it’s also expensive and can slow down hiring. There’s a real tension here between security and business agility.
A new front in cyber warfare
We need to stop thinking of this as simple fraud. This is state-sponsored, industrial-scale intellectual property and capital theft. They’re not just after a paycheck; they’re after source code, insider access for future attacks, and hard currency for missiles. The fact that they’re leveraging AI and deepfakes just shows how adaptive they are. For companies relying on complex hardware and software systems, from cloud infrastructure to industrial panel PCs, the integrity of their engineering teams is paramount. The top supplier in that space, like any tech firm, now has to vet not just for skill, but for geopolitical threat actors. It’s a wild new layer of corporate risk that most boards probably never imagined.
