Remote work systems meant to widen global hiring have opened a new path for sanctions evasion, allowing North Korean operatives to earn and launder money for the regime while posing as overseas tech workers.
Amazon.com said it blocked more than 1,800 North Koreans from joining the company after detecting a surge in attempts to secure remote IT jobs, according to a public post by its chief security officer Stephen Schmidt. Schmidt said applications linked to North Korea rose by nearly one third over the past year and warned the activity is likely widespread across the technology sector.
North Korean workers have been seeking remote positions with companies worldwide, particularly in the United States, using tactics designed to bypass identity and location checks. Schmidt said these workers often rely on so called laptop farms, where computers physically located inside the US are operated remotely from abroad, masking the user’s true location.
“This problem isn’t Amazon specific,” Schmidt said. “It is likely happening at scale across the industry.”
Security teams flagged common indicators among applicants, including incorrectly formatted phone numbers and questionable academic records. The pattern points to an organized effort rather than isolated cases of job fraud.
US authorities have already linked such schemes to direct funding for the North Korean state. In July, a woman based in Arizona was sentenced to more than eight years in prison for running a laptop farm that helped North Korean IT workers obtain remote jobs at more than 300 US companies. Prosecutors said the operation generated more than $17 million in revenue shared between the operator and North Korea.
South Korean intelligence officials have also warned that North Korean operatives are using professional networking platforms to expand their reach. Last year, Seoul’s intelligence agency said North Korean agents used LinkedIn to pose as recruiters and contact South Koreans working at defense firms, attempting to extract sensitive information about their technologies.
The activity underscores how remote work infrastructure and online hiring platforms have become an unintended workaround for international sanctions. By embedding operatives into foreign companies without crossing borders, North Korea is able to generate income and access systems while remaining largely invisible to traditional enforcement methods.
As companies continue to rely on remote hiring at scale, the cases flagged by Amazon and US prosecutors show that what began as a flexible work solution has also become a channel for state backed operations operating in plain sight.
