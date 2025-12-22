Amazon has blocked over 1,800 suspected DPRK applications since April 2024

Amazon has blocked over 1,800 suspected North Korean applications from joining the company since April 2024, it has revealed.

"Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime's weapons programs," company Chief Security Officer Stephen Schmidt wrote in a LinkedIn post.

The company is using artificial intelligence and human verification to stamp out "anomalies" and "geographic inconsistencies" to rule out such applications, with DPRK-affiliated application detections up 27% this year.

The scams involve real developers using fake or stolen identities to apply for remote jobs at US and European companies, and emerging AI tools are proving a big hit in strengthening their cases. AI and fake social media profiles are being used to strengthen applications, while deepfakes are even being used to (try to) pass video interviews.

However, even though Amazon has been able to leverage AI to identify even more fake applications, detection is getting harder with scammers hijacking real engineers' unused LinkedIn accounts via stolen credentials.

While tech may be helping Amazon's security team identify fake applications, some signs are still clear to the human eye. For example, Schmidt says the team often sees applicants citing an education from a university that doesn't offer the claimed course. Some formatting details, like adding the international '+' symbol to phone numbers, also stand out.

The CSO urges victims of false, DPRK applications to report them to the FBI and local law enforcement.

Amazon isn't the only company facing these threats. Just six months ago, Microsoft shared similar findings, noting that North Korean remote IT workers are using AI to enhance photos, swap faces on stolen IDs, finetune their job applications and even use voice-changing software.

According to Microsoft, more than 300 US companies, including Fortune 500 firms, unknowing hired such workers between 2020 and 2022.

Redmond's report suggests monitoring odd behavior, like the use of foreign IPs and VPNs, never appearing on camera in video calls and working strange hours.

