Amazon Blocked 1,800 North Korean It Infiltration Attempts

Amazon blocked 1800 North Korean IT infiltration attempts

Amazon’s security chief says the company stopped more than 1,800 suspected DPRK-linked hiring attempts, as governments and firms warn the “fake remote worker” threat is growing.​

Lead

Amazon says it has identified and blocked more than 1,800 attempts by North Korea-linked operatives to land IT roles at the company, according to comments from Amazon Chief Security Officer Steve Schmidt at an Amazon-hosted event this week. The disclosure adds detail to a broader, fast-evolving threat: North Korean “remote IT worker” schemes that use fake or stolen identities to obtain legitimate jobs, access company systems, and generate revenue for Pyongyang.​

What Amazon reported

Schmidt said Amazon’s teams have “identified and blocked more than 1,800” suspected North Korea attempts to secure IT positions at Amazon. He also described the activity as “prolific” and warned that many organizations underestimate organized efforts to get people hired specifically to reach valuable data.​

Amazon’s security chief linked the risk to roles that can provide access to sensitive systems and highly valuable information, pointing to the attractiveness of well-paid positions—particularly around AI/ML work—and the “troves of valuable data” those roles can touch. Amazon also said it has seen a 27% quarter-over-quarter increase in the number of suspected North Korean applications during 2025.​

Schmidt described how the playbook has shifted over time—from fully fabricated online personas to the use of identities purchased from Americans with legitimate backgrounds—making fraud harder to spot using traditional résumé screening alone.​

How the infiltration attempts work

Industry and government reporting describes a consistent pattern: operators apply for remote IT jobs using fraudulent identities, get hired, and then work from outside the target country while appearing to be local—sometimes with help from facilitators. In some cases, facilitators physically host corporate laptops (commonly described as “laptop farms”) so overseas workers can remotely access employer-issued devices while geolocating as if they are inside the U.S.​

The U.S. Department of Justice has publicly described these schemes as involving North Korean individuals fraudulently obtaining remote IT employment at U.S. companies using stolen and fake identities. The Record reported that the DOJ and FBI described laptop-farm activity enabling North Koreans to illegally work at more than 100 U.S. companies, with some incidents involving access to sensitive employer data and source code, including ITAR-related data at a defense contractor.​

The FBI has also warned that, once discovered on networks, some North Korean IT workers have escalated into data extortion—stealing proprietary information (including source code) and threatening to release it unless paid. The FBI warning specifically noted that workers have copied company code repositories (for example, GitHub repositories) to personal accounts and cloud storage, creating large-scale intellectual-property risk.​

Key timeline and signals

The Amazon disclosure arrives amid a steady cadence of public warnings, enforcement actions, and threat-intelligence reporting tied to North Korean remote-worker tactics.​

Date (published) What happened Why it matters
June 30, 2025 Microsoft Threat Intelligence reported tracking North Korean remote IT worker activity as “Jasper Sleet” and said it suspended 3,000 Microsoft consumer accounts created by North Korean IT workers. ​ Shows scale and the use of mainstream consumer platforms in the identity-and-application pipeline. ​
June 29, 2025 The Record reported DOJ action targeting “laptop farms,” saying FBI officials believed the farms enabled illegal work at more than 100 U.S. companies and describing cases involving sensitive data and source code exposure. ​ Highlights how physical infrastructure inside the U.S. can make remote infiltration look legitimate to employers. ​
July 2, 2025 DOJ announced coordinated nationwide actions to combat North Korean remote IT worker schemes using stolen/fake identities to gain employment with U.S. companies. ​ Signals a whole-of-government disruption approach, not just corporate defenses. ​
Dec. 16, 2025 Amazon CSO Steve Schmidt said Amazon blocked more than 1,800 suspected North Korean attempts to secure IT roles, and described the activity as prolific. ​ One of the clearest big-tech datapoints quantifying attempted hiring-based intrusion at a single firm. ​

How Amazon says it detects attempts

Amazon says its defenses combine automation and human review, and Schmidt said the company has refined parts of this process over the past two years. He described AI-enabled tools trained to look for suspicious patterns, alongside human-led prevention efforts that validate identity and detect anomalous signals.​

Schmidt gave concrete examples of indicators Amazon looks for, including how some operatives list contact details—such as using a plus symbol at the front of a phone number, which he said most Americans do not do. He also said Amazon has identified roughly 200 academic institutions that show up repeatedly on résumés used by suspected IT worker operatives.​

More broadly, Amazon described deploying AI to speed up security analysis work and to spot suspicious activity at scale, reflecting how large platforms are trying to meet automation with automation.​

Why this threat is rising across the tech sector

Threat reporting suggests the “North Korean IT worker” model is expanding in reach and efficiency, partly because remote work has normalized distributed engineering teams and cross-border contracting. Fortune reported that CrowdStrike observed a sharp rise in companies unknowingly hiring North Korean software developers, describing a 220% increase over 12 months and estimating infiltration into more than 320 companies in that period.​

The operational incentives are clear: these jobs can generate steady salary income and offer pathways to sensitive access, including source code, credentials, and internal documentation. As the DOJ has described, the schemes can involve identity theft and organized facilitation to bypass background checks and appear legitimate during onboarding.​

The risk is not limited to payroll fraud, because access to code repositories and internal systems can open doors to follow-on compromise, intellectual-property theft, or extortion—outcomes the FBI has explicitly warned about.​

What companies can do now

Security and law-enforcement reporting points to a practical takeaway: hiring is now part of the security perimeter, and defenses must cover identity proofing, device logistics, and continuous monitoring. Steps commonly emphasized across these reports include verifying identity and location at multiple points (not only at offer stage), scrutinizing patterns in contact information and résumé metadata, and monitoring for unusual code-repository behavior such as large-scale copying or unexpected uploads to personal accounts.​

Organizations can also reduce exposure by tightening controls around employer-issued laptops (shipping, custody, and verification), and by implementing monitoring that detects remote-access tooling patterns consistent with “laptop farm” enablement described in DOJ-linked reporting. Finally, firms should ensure incident-response and legal processes are prepared for extortion scenarios, because the FBI has warned that stolen proprietary data and code have been used as leverage for ransom demands and, in some cases, public release threats.​

What happens next

Amazon’s report that it blocked 1,800 suspected North Korean IT infiltration attempts underscores how aggressively the DPRK-linked remote-worker pipeline is targeting high-trust technical roles at major companies. With Microsoft describing thousands of consumer accounts tied to the ecosystem and DOJ actions targeting facilitators and laptop farms, the public record increasingly shows a full-stack operation spanning identity fraud, infrastructure, and post-hire data risk.​

For employers, the implication is straightforward: robust hiring verification, tighter device controls, and monitoring for data-exfiltration and code-theft behaviors are now essential to protecting systems—because the “intruder” may arrive through onboarding, not a phishing email.​


Subscribe to Our Newsletter

Related Articles

Top Trending

Project-Based Learning Tech for kids
Project-Based Learning Tech: A Practical Guide for Kids, Homeschool, and Hands-On Learning
Why Brazil Has Only 3 World Cup Trophies
Why Does Brazil Have Only 3 World Cup Trophies Despite Winning 5 Times?
Reducing Fashion Waste
Reducing Fashion Waste: How to Fix, Clean, and Preserve Your Wardrobe
Realistic workspace showing a large screen with a Pillar and Cluster Content Model diagram for SEO content planning.
Pillar and Cluster Content Model: SEO Topic Hubs Explained
Bes Technical SEO Startup for Fintech in United Arab Emirates
10 Bes Startup Technical SEO Agencies for Fintech in United Arab Emirates

Fintech & Finance

Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Founder comparing the Best Accounting Tools for Founders on a startup finance dashboard
9 Best Accounting Tools for Founders to Keep Startup Finances Clean
Rise of SpaceX Stock Price
The Rise of SpaceX Stock Price: Understanding the Factors Driving Market Interest 

Sustainability & Living

Reducing Fashion Waste
Reducing Fashion Waste: How to Fix, Clean, and Preserve Your Wardrobe
Finnish MaaS Platforms
5 Finnish MaaS Platforms Redefining Global Public Transit Integration
Recyclable symbol meaningless
The Recyclable Symbol Has Lost All Meaning: The Chasing Arrows Lie
plastic-free bathroom
Plastic-Free Bathroom Routine: A Practical Way to Cut Waste Without Making Your Life Harder
transportation choices that lower emissions
7 Transportation Choices That Lower Emissions Without Making Daily Life Impossible

GAMING

why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever
Foullrop85j.08.47h Gaming
Foullrop85j.08.47h Gaming: What It Really Is and Why You Should Be Skeptical
Live Service Killed Creativity
Live Service Killed Creativity, and the Industry Knows It
AI-Powered Playtesting
Top 10 Gaming SMEs and Startups Specializing in AI-Powered Playtesting in the United States
Best Gaming Communities
25 Gaming Communities and Platforms You Must Join Today

Business & Marketing

best templates founders
11 Best Templates Founders Need to Build Smarter
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
best accelerator programs
8 Best Accelerator Programs: A Practical Founder’s Guide to Funding and Strategic Fit
best startup blogs
The 10 Best Startup Blogs: A Practical Guide for New Founders

Technology & AI

How to Make Consistent Characters in AI Image Generators
How to Make Consistent Characters in AI Image Generators [Complete Workflow]
best templates founders
11 Best Templates Founders Need to Build Smarter
Community-Building SaaS Tactics
7 Community-Building Tactics for SaaS
referral tactics SaaS
8 Referral Tactics for SaaS Teams That Want Better Word-of-Mouth Growth
AI Voiceover Platforms
7 Best AI Voiceover Platforms Worth Using: The Ultimate Guide

Fitness & Wellness

Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work
meditation aids tools
11 Meditation Aids and Tools That Support Daily Calm