SEATTLE, December 24, 2025: Amazon has blocked more than 1,800 suspected job applications linked to North Korean operatives over the past 18 months, according to the company’s chief security officer, who detailed an escalating effort by the tech giant to counter foreign infiltration attempts targeting its global workforce. Stephen Schmidt, Amazon’s Chief Security Officer, said in a recent briefing that the company’s security division uncovered repeated attempts by individuals believed to be acting on behalf of North Korea to obtain employment through its remote hiring programs. The findings followed an extensive internal review that identified falsified credentials, stolen identities, and inconsistent digital behavior among applicants. One case revealed that an individual managed to secure a remote information technology role before being detected through technical anomalies.
Analysts discovered that the worker’s keyboard inputs had a consistent latency of approximately 110 milliseconds, indicating that commands were being relayed from a distant server rather than a local machine. Subsequent investigation confirmed that the applicant had misrepresented their identity and location. The employment was immediately terminated, and the case was reported to U.S. authorities. According to Schmidt, Amazon has strengthened its verification and vetting systems in response to the incident. The company now employs a combination of artificial intelligence and human-led background checks to identify irregularities in job applications. The process includes evaluating network data, verifying claimed work histories, and cross-checking credentials against global risk databases.
Amazon’s enhanced security protocol is designed to detect indicators such as inconsistent time zones, improbable device configurations, or use of compromised professional profiles. The company’s findings align with a wider pattern observed by international cybersecurity agencies. Over the past two years, officials in the United States and allied countries have warned of state-linked actors using remote work platforms to bypass sanctions and gain access to sensitive data. These schemes often involve sophisticated identity theft operations, where operatives pose as legitimate freelancers or contractors using falsified documentation and third-party accounts. Amazon reported that it has seen a consistent rise in suspicious applications since early 2024. Many of the attempts targeted technical and engineering roles that allow remote access to internal systems or proprietary development environments.
Amazon identifies infiltration attempts through remote hiring
While most applications were intercepted during the screening process, Schmidt confirmed that at least one instance led to temporary employment before the deception was discovered. He emphasized that the incident did not compromise customer data or core infrastructure. Security experts have noted that the proliferation of remote work following the global pandemic has broadened the threat landscape for corporations managing large distributed teams. The increased reliance on digital recruitment platforms and remote verification processes has made it easier for malicious actors to disguise their geographic origin. In response, major U.S. companies have introduced stricter onboarding requirements, including biometric verification, multi-factor identity authentication, and real-time geolocation audits during remote sessions.
Amazon’s internal security unit collaborates with federal law enforcement and intelligence agencies to track and report these incidents. The company shares relevant findings through information exchange programs coordinated with U.S. authorities, enabling cross-industry alerts when suspected infiltration attempts are detected. Schmidt noted that such cooperation has been instrumental in identifying broader patterns of fraudulent activity across the technology sector. The company declined to specify whether any criminal proceedings have been initiated in connection with the identified cases, citing confidentiality protocols governing ongoing security investigations. It reiterated that none of the attempts resulted in unauthorized access to customer accounts or core business systems.
Technical anomalies uncover fraudulent applicants
Amazon continues to refine its screening algorithms to ensure that its global hiring processes remain resilient against evolving cyber threats. Amazon’s latest disclosure underscores the challenges multinational companies face in protecting their workforces from complex digital threats. As hybrid and remote work structures become permanent fixtures of the corporate landscape, maintaining the integrity of employment pipelines has emerged as a critical component of cybersecurity management. For Amazon and its peers in the technology industry, the ability to detect and prevent such infiltration attempts has become an essential safeguard for operational security and compliance with international sanctions regulations. – By Content Syndication Services.