Amazon has blocked more than 1,800 suspected North Korean applicants from joining the company since April 2024, TechRadar reports. Amazon’s Chief Security Officer, Stephen Schmidt, said in a LinkedIn post that DPRK-linked applications have increased by 27% quarter over quarter this year.
“Their LinkedIn strategies are getting sophisticated,” Schmidt wrote. “We're seeing them hijack dormant accounts through compromised credentials to gain verification. We've also identified networks where people hand over access to their accounts in exchange for payment.”
Schmidt said Amazon has observed the following indicators associated with DPRK applicants:
- “They're increasingly targeting AI and machine learning roles, likely because these are in higher demand as companies adopt AI.
- These operatives often work with facilitators managing "laptop farms": U.S. locations that receive shipments and maintain domestic presence, while the worker operates remotely from outside the country.
- Educational backgrounds keep changing. We've watched the strategy shift from East Asian universities, to institutions in no-income-tax states, to now California and New York schools. We look for degrees from schools that don't offer claimed majors, or dates misaligned with academic schedules.”
Schmidt added, “This isn't Amazon-specific. This is likely happening at scale across the industry.”
These fraudulent job applicants use social engineering to obtain remote employment at foreign companies, then transfer their salaries to the North Korean government. TechRadar cites a recent report from Microsoft that found that hundreds of U.S. companies, including many Fortune 500 firms, have unknowingly hired these workers.
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
TechRadar has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
