North Korea Laptop Farms, Cyberoperatives
North Koreans have been seeking remote jobs in the US or globally, with stolen or forged identities to find work, and remit funds to finance the military and nuclear agendas of North Korea. Shamin Haky/Unsplash

Amazon has revealed it is fighting a sustained and highly organised attempt by suspected North Korean operatives to infiltrate global companies through remote working roles.

According to the tech giant, more than 1,800 job applications linked to North Korea have been blocked since April 2024, as the regime allegedly seeks to place covert IT workers inside Western firms to generate cash for its weapons programmes.

The disclosure, made by Amazon's top security executive, highlights how ordinary recruitment pipelines have become a frontline in modern cyber warfare, with companies increasingly forced to act as gatekeepers against state-backed financial espionage.

'Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime's weapons programmes,' said Amazon Chief Security Officer Stephen Schmidt, in a LinkedIn post.

According to Schmidt, the prevalence of such tactics is probably widespread globally across the tech industry and poses a significant security concern.

'At Amazon, we've stopped more than 1,800 suspected DPRK operatives from joining since April 2024, and we've detected 27% more DPRK-affiliated applications quarter over quarter this year,' he wrote.

Cyberoperatives of North Korea, how does it work?

According to Schmidt, North Korean agents commonly collaborate with the so-called laptop farms, or networks of computers located in the US, controlled remotely, but outside of the country.

These farms support the handling of various fraudulent job applications and remote working jobs.

The strategies of these hackers have become more advanced.

Hackers use old, forgotten LinkedIn accounts to pose as someone they're not. They tend to go after real software engineers, which throws off automated systems trying to spot fakes from actual candidates.

Schmidt says if something feels off, businesses need to report it to the authorities immediately.

Employers need to keep an eye out for red flags, like weird phone number formats or education histories that don't add up.

To fight this, Amazon has utilised a combination of artificial intelligence (AI) applications and employee checks to detect and prevent suspicious applications.

Crackdown on Laptop Farms by US Authorities

North Korea Laptop Farms in Arizona
Laptop farm operated by Christina Chapman for North Korea, photographed during a government raid of her home in October 2023 Federal Bureau of Investigation/Wikimedia Commons

The American government has worked harder to break down North Korean operations.

In June, security agents discovered 29 laptop farms in the country run by North Korean IT employees. These farms acquired US identities through theft or forgery to be employed in US businesses, which made it easy to transfer their earnings back to North Korea.

US brokers who assisted in placing North Korean operatives in their positions were also indicted by the Department of Justice (DOJ).

One such instance was of an Arizona woman who served a prison term of more than eight years after she was found running a laptop farm which assisted North Korean agents in receiving remote jobs in more than 300 US companies.

The black-market operation brought in more than $ 17 million (PS12.6 million), which was transported back to the capital, Pyongyang, to finance its weaponry programme.

Increasing Menaces Within Cryptocurrency Space

In line with the trend of employment fraud, North Korean hackers have turned to cryptocurrency funds, particularly targeting high-net-worth individuals.

Research by Elliptic also notes that North Korean cybercriminal organisations such as Lazarus have, in 2025 alone, stolen $2B (PS1.49 billion), a record high.

These stolen funds have reached almost 13% of North Korea's estimated GDP, which the UN estimates was approximately $15.17B in 2024.

Even though, in the past, North Korean agents focused their efforts on breaking into crypto exchanges and committing other massive heists, they are currently targeting individual investors with significant wealth.

The stolen funds are suspected by Western security agencies to be used in funding the North Korean nuclear and missile programmes.

Global Security Implication

Employment by fraud and cyberattacks underscores how North Korea is changing strategies to raise income and finance its military ambitions.

Its denial of its role in cyber operations does not sit well with most security analysts, given its consistent attempts to lay the blame for such activities on the regime.

The US and South Korea are ramping up efforts to shut down these operations. The laptop farm raids and arrests prove there's momentum. But the tactics keep evolving. The threat keeps growing.

Amazon fights its battle with AI tools and human reviewers working together to catch the fakes. Other companies will need to follow suit.

Because the spies aren't slowing down, they're getting smarter.

Writer's pick
North Korea