Tech giant uncovers large-scale remote work infiltration linked to North Korea’s cyber operations
A growing cyber threat is quietly unfolding inside the global remote work economy, prompting major technology firms to tighten digital defenses against state-linked infiltration efforts.
Rising Attempts to Infiltrate Global Tech Firms
Amazon has blocked more than 1,800 North Korean nationals from joining the company since April 2024, after detecting a sharp rise in suspicious applications for remote IT roles. According to Amazon Chief Security Officer Stephen Schmidt, applications linked to North Korea surged by nearly 30 percent over the past year, reflecting what Washington says is a coordinated effort by Pyongyang to earn and launder foreign currency through overseas tech jobs.
Laptop Farms and Remote Control Tactics
Investigations revealed that many of these applicants relied on so-called laptop farms, where computers physically located in the United States were operated remotely from abroad. These setups allowed North Korean workers to appear as legitimate US-based employees by routing traffic through domestic IP addresses, masking their true locations.
How Amazon Detected the Breach
Amazon’s security teams uncovered infiltrators by closely monitoring network behavior. In one case, a system administrator was exposed due to a 110-millisecond keystroke delay, far above the typical 10 milliseconds expected from US-based remote workers. Additional red flags included improperly formatted phone numbers, questionable academic credentials, and unusual English language usage during internal communications.
A Criminal Network Behind the Scheme
The threat extended beyond corporate infiltration. In July, a woman in Arizona was sentenced to more than eight years in prison for operating a laptop farm that helped North Korean IT workers secure jobs at over 300 US companies. US officials said the scheme generated more than US$17 million, funding both the operator and the North Korean regime.
A Broader Cyber Warfare Strategy
Security analysts say these efforts are part of a long-running cyber warfare strategy. North Korea’s cyber program dates back to the mid-1990s and has evolved into Bureau 121, a 6,000-strong cyber unit operating across multiple countries, according to a 2020 US military report. Seoul’s intelligence agency has also warned that North Korean operatives have used LinkedIn to pose as recruiters targeting defense sector employees.
Global Sanctions and Financial Impact
In November, Washington imposed sanctions on eight individuals accused of state-sponsored hacking to fund North Korea’s nuclear weapons program. The US Department of the Treasury estimates that North Korea-linked cybercriminals have stolen more than US$3 billion over the past three years, largely through cryptocurrency theft, underscoring the financial scale of these operations.
Amazon’s actions highlight how cyber threats linked to state actors are increasingly embedded in everyday digital systems, including remote work platforms. As Southeast Asia deepens its integration with global tech ecosystems, these developments carry important lessons for Indonesian and Singaporean companies on cybersecurity vigilance, talent verification, and cross-border digital risk management.
Sources: NST MY (2025) , EN Tempo (2025)
Keywords: Amazon Security, North Korean Hackers, Remote IT Jobs, Laptop Farms, Cyber Warfare
