Amazon has blocked more than 1,800 job applications linked to suspected North Korean operatives since April 2024, warning that routine corporate hiring pipelines are being exploited as covert revenue channels for Pyongyang's weapons programs, according to the company's chief security executive.
The disclosure places Amazon at the center of a growing effort by U.S. companies to counter state-backed employment fraud tied to North Korea, as remote work expands the attack surface for cyber-enabled financial operations. Amazon said the activity has accelerated sharply in 2025, mirroring patterns identified by U.S. law enforcement and intelligence agencies.
"Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime's weapons programmes," said Stephen Schmidt, Amazon's chief security officer, in a LinkedIn post. Schmidt added, "At Amazon, we've stopped more than 1,800 suspected DPRK operatives from joining since April 2024, and we've detected 27% more DPRK-affiliated applications quarter over quarter this year."
According to Amazon, the applications are often supported by so-called "laptop farms" - networks of U.S.-based computers remotely controlled from abroad - that allow operatives to appear as domestic employees while concealing their true location. Schmidt said the applicants frequently hijack dormant professional profiles, impersonate real software engineers, and tailor résumés to evade automated screening tools.
The company said it has expanded its use of artificial intelligence systems combined with manual reviews to identify inconsistencies such as mismatched phone numbers, implausible education histories, and irregular interview behavior. Schmidt urged companies across the technology sector to report suspicious cases immediately if "something feels off."
The private-sector push coincides with a broader U.S. government crackdown. In June, federal authorities dismantled 29 laptop farms operating across the United States that were linked to North Korean IT workers, according to the U.S. Department of Justice. Prosecutors said stolen or forged U.S. identities were used to place operatives in hundreds of American companies.
One Arizona woman was sentenced to more than eight years in prison for running a laptop farm that helped North Korean workers secure remote jobs at more than 300 U.S. companies, generating over $17 million that investigators said was funneled back to Pyongyang to support weapons development.
U.S. officials say the employment schemes run parallel to North Korea's expanding cybercrime operations. Research firm Elliptic estimates that North Korean-linked hacking groups, including Lazarus, stole $2 billion in cryptocurrency in 2025 alone, a record figure that Western governments believe contributes directly to missile and nuclear programs.
Those thefts are significant relative to the country's economy. The United Nations estimates North Korea's gross domestic product at roughly $15.17 billion in 2024, meaning cyber theft could represent nearly 13% of annual output.
