Amazon raises the alarm: over 1,800 suspicious IT applications linked to North Korea blocked from 2024. Remote working becomes a new front in hybrid warfare.
There is a front of global geopolitical competition that no longer passes only through missiles or military exercises, but through job applications sent online and interviews on videoconferencing platforms. This is where, according to Amazon, North Korea is fighting one of its quietest and most sophisticated battles: infiltrating fictitious IT workers into big Western tech companies to fund its military programs.
An operation that tells a lot not only about the Pyongyang regime, but also about how work, security and conflict are changing shape in the 21st century.
Amazon’s alarm and the numbers of the phenomenon
The phenomenon was brought to light by Stephen Schmidt, vice president and global head of security at Amazon. Since April 2024, the US giant has blocked over 1,800 applications deemed suspicious and attributable to North Korean networks. The trend is even more significant: the number of anomalous applications grew on average by 27 percent per quarter, a pace that indicates a structured and persistent strategy, not a series of isolated episodes.
According to Amazon, the goal is direct and pragmatic: get a job in the Western technology sector, receive regular salaries and have those funds flow to the regime, bypassing the system of international sanctions.
Because the tech sector is the ideal target
This is not a random choice. North Korea has been investing in cyber capabilities and digital operations for years, aware that the economy of evasion is one of the few viable ways to support its military ambitions. The Western technology sector offers ideal conditions: high salaries, roles often compatible with remote work and increasingly digitalized selection processes, therefore more exposed to artfully constructed identities.
According to Amazon, the most affected roles are those related to software development, artificial intelligence and machine learning. Highly requested profiles, hired quickly and often without in-depth checks on the real geographical context of the candidates. It is in this space that the North Korean operation fits, carried out by highly trained personnel working in closed structures and with the sole objective of generating revenue for the State.
How ghost applications work
Internal analyzes show how applications have become increasingly sophisticated. The profiles used are often clones of real engineers, with a credible and consistent digital presence. In other cases, existing professional accounts are compromised or purchased. What makes everything even more effective is the support of accomplices resident in the United States or other Western countries, who provide IP addresses, telephone numbers and documentation useful to make the candidacy appear as a domestic one.
Plausible Western qualifications and well-constructed professional paths appear in CVs, even if small technical details, such as inconsistencies in formatting or contact details, sometimes end up betraying the deception.
Artificial intelligence versus hybrid warfare
To combat the phenomenon, Amazon has strengthened the use of artificial intelligence systems capable of identifying recurring patterns, behavioral anomalies and inconsistencies in the data provided by candidates, combining these technologies with targeted human checks. But the company itself admits that it is a continuous race: each new barrier generates increasingly refined circumvention strategies.
Remote working, born as a tool for flexibility and global openness, thus also becomes a point of systemic vulnerability.
A threat that goes beyond Amazon
The alarm raised by Amazon goes far beyond the single company case. The suspicion, made clear by the security manager, is that the same scheme is already operating on a large scale in many other Western technology companies. The risk is not only economic, but strategic. The infiltration of personnel linked to a hostile state can expose companies to data leaks, internal sabotage and security breaches, as well as indirectly contribute to the financing of military programs.
Fewer missiles, more code
This story gives an image of North Korea that is different from the better-known one of the ballistic tests and military parades. Pyongyang didn’t stop fighting, it simply moved the battlefield. Fewer visible missiles and more code, fewer physical borders and more digital identities, fewer recognizable soldiers and more invisible workers.
