Amazon implements stricter vetting to block North Korean agents applying for remote roles
Amazon has significantly tightened its recruitment and security protocols to prevent North Korean operatives from infiltrating its workforce through remote software development positions.
- Dec 24, 2025,
- Updated Dec 24, 2025 12:39 PM IST
Amazon has significantly tightened its recruitment and security protocols to prevent North Korean operatives from infiltrating its workforce through remote software development positions. The retail and cloud computing giant’s Chief Security Officer (CSO), Steve Schmidt, confirmed that the company has actively blocked numerous applications linked to a sophisticated state-sponsored scheme designed to funnel revenue into North Korea's sanctioned programmes.
The infiltration strategy relies on "laptop farms," which are physical locations, often in third-party countries, where North Korean agents house company-issued hardware. These laptops are connected to the internet via local residential proxies, allowing workers based in North Korea to control the machines remotely. This deception makes it appear to corporate security systems that the employee is working from a legitimate location in the United Kingdom, the United States, or other authorised regions.
According to Schmidt, Amazon has identified and thwarted attempts by these agents to bypass traditional identity verification. The operatives frequently use stolen or forged identities, often belonging to real IT professionals, to pass initial background checks. To counter this, Amazon has introduced more rigorous "liveness" tests during the interview process and enhanced monitoring of network traffic to detect the tell-tale signs of remote-access software being used on corporate devices.
The threat is particularly relevant to the Indian technology sector, which serves as a global hub for remote engineering talent. As North Korean agents increasingly target multinational firms, Indian companies are being urged to adopt similar "zero-trust" hiring practices. Analysts warn that these operatives are not only seeking high salaries that are estimated to reach hundreds of thousands of dollars per year but may also seek to gain administrative access to cloud infrastructure for potential industrial espionage or cyberattacks.
The use of generative AI has further complicated the landscape. Operatives are reportedly using AI tools to refine their English proficiency and even alter their appearance or voice during video calls to better match the stolen identities they assume.
Amazon’s proactive stance highlights a shift in corporate security, where the focus has moved beyond protecting data to verifying the very existence and location of the remote workforce. For the global tech industry, the case serves as a stark reminder that the convenience of remote hiring now carries significant geopolitical risks.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine
Amazon has significantly tightened its recruitment and security protocols to prevent North Korean operatives from infiltrating its workforce through remote software development positions. The retail and cloud computing giant’s Chief Security Officer (CSO), Steve Schmidt, confirmed that the company has actively blocked numerous applications linked to a sophisticated state-sponsored scheme designed to funnel revenue into North Korea's sanctioned programmes.
The infiltration strategy relies on "laptop farms," which are physical locations, often in third-party countries, where North Korean agents house company-issued hardware. These laptops are connected to the internet via local residential proxies, allowing workers based in North Korea to control the machines remotely. This deception makes it appear to corporate security systems that the employee is working from a legitimate location in the United Kingdom, the United States, or other authorised regions.
According to Schmidt, Amazon has identified and thwarted attempts by these agents to bypass traditional identity verification. The operatives frequently use stolen or forged identities, often belonging to real IT professionals, to pass initial background checks. To counter this, Amazon has introduced more rigorous "liveness" tests during the interview process and enhanced monitoring of network traffic to detect the tell-tale signs of remote-access software being used on corporate devices.
The threat is particularly relevant to the Indian technology sector, which serves as a global hub for remote engineering talent. As North Korean agents increasingly target multinational firms, Indian companies are being urged to adopt similar "zero-trust" hiring practices. Analysts warn that these operatives are not only seeking high salaries that are estimated to reach hundreds of thousands of dollars per year but may also seek to gain administrative access to cloud infrastructure for potential industrial espionage or cyberattacks.
The use of generative AI has further complicated the landscape. Operatives are reportedly using AI tools to refine their English proficiency and even alter their appearance or voice during video calls to better match the stolen identities they assume.
Amazon’s proactive stance highlights a shift in corporate security, where the focus has moved beyond protecting data to verifying the very existence and location of the remote workforce. For the global tech industry, the case serves as a stark reminder that the convenience of remote hiring now carries significant geopolitical risks.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine