Tue Dec 23 03:42:40 UTC 2025: Summary:
Amazon reports blocking over 1,800 North Koreans from joining the company after a significant increase in applications, revealing a North Korean strategy of sending IT workers abroad to earn and launder funds. These workers often use “laptop farms” to operate remotely, and Amazon’s Chief Security Officer warns this is a widespread issue across the tech industry. This follows a recent case where an Arizona woman was sentenced for running a laptop farm that helped North Korean IT workers secure jobs at over 300 U.S. companies, generating millions for her and North Korea. South Korea’s intelligence agency had also warned of North Korean operatives posing as recruiters on LinkedIn to gather information from South Korean defense firms.
News Article:
Amazon Blocks Over 1,800 North Korean IT Workers Amid Growing Concerns of Funding Scheme
Seoul, December 23, 2025 – U.S. tech giant Amazon has revealed it blocked over 1,800 North Korean applicants attempting to secure remote IT jobs within the company, highlighting a growing concern about North Korea’s use of IT workers to generate revenue and launder funds.
In a LinkedIn post, Amazon’s Chief Security Officer Stephen Schmidt stated that the company observed a near 30% surge in applications from individuals identified as North Korean in the past year. He explained that these workers often employ “laptop farms,” where computers located in the United States are controlled remotely from abroad.
“This isn’t Amazon-specific,” Schmidt warned. “It is likely happening at scale across the industry.”
The company identified potential North Korean applicants through telltale signs such as incorrectly formatted phone numbers and questionable academic credentials.
This revelation follows the sentencing of an Arizona woman in July to over eight years in prison for running a “laptop farm” operation. The scheme aided North Korean IT workers in obtaining remote positions at over 300 U.S. companies, generating over $17 million in revenue for both the woman and the North Korean regime.
Last year, South Korea’s intelligence agency cautioned that North Korean operatives were utilizing LinkedIn to impersonate recruiters and target South Koreans working at defense firms, seeking to extract sensitive information about their technologies. The incidents underscores the sophisticated nature of North Korea’s efforts to circumvent sanctions and generate income through cyber activities.
First Piper 