Amazon blocks 1,800 job applications linked to suspected North Korean hackers

Amazon has blocked more than 1,800 job applications it identified as linked to suspected North Korean operatives attempting to secure remote information technology roles using stolen or forged identities, according to people familiar with the matter.

The activity forms part of a wider effort by North Korean agents to obtain employment with US technology companies, with wages allegedly being routed back to Pyongyang to support government programs, including weapons development, says the BBC.

Security experts say the methods used by the operatives have grown more sophisticated. In some cases, applicants assumed the identities of legitimate software engineers, including by taking over inactive LinkedIn accounts to present credible professional profiles to recruiters.

The operatives also relied on so-called "laptop farms," in which computers physically located in the United States are accessed remotely from overseas, allowing workers to appear to be based domestically. In 06 June, US authorities said they uncovered 29 illegal laptop farms operating across the country.

According to US officials, one such laptop farm that provided access to more than 300 US companies generated over $17 million in illicit revenue for its organizers and the North Korean government.

Amazon screens job applicants using a combination of artificial intelligence tools and manual reviews conducted by staff, the sources said. Cybersecurity specialists advising employers recommend close scrutiny of applications for inconsistencies, including mismatched education histories and improperly formatted phone numbers, which can indicate fraudulent activity.

US authorities have previously warned that North Korea has increasingly turned to cyber-enabled schemes and overseas employment fraud as a means of generating foreign currency amid international sanctions.