Amazon Thwarts 1,800+ North Korean Job Scams with AI and Tiny Clues

 

Amazon's chief security officer, Stephen Schmidt, revealed how the company blocked over 1,800 suspected North Korean operatives from securing remote IT jobs since April 2024. These agents aimed to funnel salaries back to Pyongyang's weapons programs, bypassing sanctions through stolen identities and sophisticated tactics. Amazon detected a 27% quarter-over-quarter rise in such applications in 2025, using AI screening combined with human verification to spot subtle red flags.

North Korean operatives have evolved their strategies, targeting high-demand AI and machine-learning roles at U.S. firms. They hijack dormant LinkedIn profiles, pay legitimate engineers for credential access, or impersonate real software developers to build credible online presences. Educational claims often shift—from East Asian universities to no-tax U.S. states, and lately California or New York schools—frequently listing degrees from institutions without the claimed majors or mismatched graduation dates.

Amazon's defense relies on AI models scanning nearly 200 high-risk institutions, résumé anomalies, and geographic mismatches, followed by rigorous background checks and interviews. Human reviewers caught one operative via keystroke delays from a remotely controlled U.S. laptop in a "laptop farm"—facilities where locals receive company hardware but allow overseas access. Phone number formatting stands out too: fraudsters use "+1" prefixes uncommon among actual U.S. residents.

These "laptop farms" maintain a domestic IP footprint while operatives work from abroad, evading location checks. U.S. authorities have cracked down, sentencing an Arizona woman to over eight years in July 2025 for running farms that netted $17 million for North Koreans across 300+ firms. Schmidt warns this threat scales industry-wide, urging multi-stage identity checks and device monitoring.

Schmidt calls on employers to analyze HR data for patterns in emails, IPs, and universities, then report suspicions to the FBI. As remote work persists, these small details—pieced together—form a critical barrier against regimes turning corporate payrolls into sanction-busting revenue streams. Sharing tactics, he says, strengthens collective defenses in cybersecurity.
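An added example (not Amazon's system or code from this post) of the HR-data pattern analysis Schmidt recommends: it links applications that share at least two of IP address, university, and email stem, so a shared university alone does not tie unrelated applicants together. The field names, the email-stem heuristic, the two-attribute threshold, and all records are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed applicant records; every value is made up for illustration.
APPLICATIONS = [
    {"id": "A1", "email": "dev.kim01@example.com", "ip": "203.0.113.7", "university": "Example State University"},
    {"id": "A2", "email": "j.park77@example.net", "ip": "203.0.113.7", "university": "Example State University"},
    {"id": "A3", "email": "j.park78@example.org", "ip": "198.51.100.20", "university": "example state university "},
    {"id": "A4", "email": "maria.lopez@example.com", "ip": "192.0.2.55", "university": "Example State University"},
    {"id": "A5", "email": "t.nguyen@example.com", "ip": "192.0.2.90", "university": "Sample Tech Institute"},
]


def features(app):
    """Normalise the three attributes the article names: email, IP, university."""
    local = app["email"].split("@")[0].lower()
    return {
        "ip": app["ip"],
        "university": app["university"].strip().lower(),
        # Assumption: trailing digits are dropped so j.park77 and j.park78 match.
        "email_stem": local.rstrip("0123456789"),
    }


def shared(a, b):
    """Names of the attributes two applications have in common."""
    fa, fb = features(a), features(b)
    return sorted(k for k in fa if fa[k] == fb[k])


def linked_clusters(apps, min_shared=2):
    """Union-find over pairs sharing >= min_shared attributes; returns groups of ids."""
    parent = {a["id"]: a["id"] for a in apps}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(apps, 2):
        if len(shared(a, b)) >= min_shared:
            parent[find(a["id"])] = find(b["id"])
    groups = {}
    for a in apps:
        groups.setdefault(find(a["id"]), []).append(a["id"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print(linked_clusters(APPLICATIONS))
```

A3 never shares an IP with A1, yet it lands in the same cluster through A2, which is the kind of indirect link a per-application check misses.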

Amazon Busts DPRK Hacker on Tiny Typing Delay

 

Amazon recently uncovered a North Korean IT worker infiltrating its corporate network by tracking a tiny 110ms delay in keystrokes, highlighting a growing threat in remote hiring and cybersecurity. The anomaly, revealed by Amazon’s Chief Security Officer Stephen Schmidt, pointed to a worker supposedly based in the U.S. but actually operating from thousands of miles away.

The infiltration occurred when a contractor hired by Amazon shipped a company laptop to an individual later found to be a North Korean operative. Commands sent from the laptop to Amazon’s Seattle headquarters typically take less than 100 milliseconds, but these commands took over 110 milliseconds, a subtle clue that the user was located far from the U.S. This delay signaled that the operator was likely in Asia, prompting further investigation.
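An added example (not Amazon's tooling or code from this post) of the latency check described above: it judges a session by its latency floor rather than its average, because congestion only adds delay and a noisy local connection should not be flagged. The 100 ms and 110 ms figures come from the article; the 5th-percentile floor, the minimum sample count, and the session data are assumptions constructed for illustration.

```python
from statistics import mean, quantiles

BASELINE_MS = 100.0  # article: commands typically take under 100 ms
ALERT_MS = 110.0     # article: the flagged laptop's commands took over 110 ms
MIN_SAMPLES = 20     # assumption: too few samples give an unreliable floor


def latency_floor(samples_ms):
    """5th-percentile latency, a robust estimate of the best-case round trip.

    Congestion and Wi-Fi jitter add delay but never remove it, so the floor
    tracks path length (distance or an extra remote-control hop), not noise.
    """
    return quantiles(samples_ms, n=20, method="inclusive")[0]


def classify_session(samples_ms):
    """Return 'normal', 'watch', 'investigate' or 'insufficient-data'."""
    if len(samples_ms) < MIN_SAMPLES:
        return "insufficient-data"
    floor = latency_floor(samples_ms)
    if floor > ALERT_MS:
        return "investigate"
    if floor > BASELINE_MS:
        return "watch"
    return "normal"


# Constructed per-command latencies in milliseconds (not real telemetry).
SESSIONS = {
    "local-congested": [48, 52, 45, 310, 50, 47, 290, 55, 405, 51] * 3,
    "domestic-far": [104, 109, 103, 112, 106, 105] * 4,
    "relayed": [118, 125, 121, 130, 117, 122, 119, 140] * 3,
    "too-short": [150, 160],
}

if __name__ == "__main__":
    for name, samples in SESSIONS.items():
        print(f"{name:16} mean={mean(samples):6.1f} ms  {classify_session(samples)}")
```

The congested local session has a mean above 110 ms yet classifies as normal, while the relayed session never drops below the alert line; a mean-based rule would get the first case wrong.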

Since April 2024, Amazon’s security team has blocked more than 1,800 attempts by North Korean workers to infiltrate its workforce, with attempts rising by 27% quarter-over-quarter in 2025. The North Korean operatives often use proxies and forged identities to access remote IT jobs, funneling earnings into the DPRK’s weapons programs and circumventing international sanctions.

Security monitoring revealed that the compromised laptop was being remotely controlled from China, though it did not have access to sensitive data. Investigators cross-referenced the suspect’s resume with system activity and identified a pattern consistent with previous North Korean fraud attempts. Schmidt noted that these operatives often fabricate employment histories tied to obscure consultancies, reuse the same feeder schools and firms, and display telltale signs such as mangled English idioms.

The front in this case was an Arizona woman who was sentenced to multiple years in prison for her role in a $1.7 million IT fraud ring that helped North Korean workers gain access to U.S. corporate networks. Schmidt emphasized that Amazon did not directly hire any North Koreans but warned that shipping company laptops to contractor proxies can create significant risks.

This incident underscores the importance of thorough background checks and advanced endpoint security for remote workers. Latency analysis, behavioral monitoring, and traffic forensics are now essential tools for detecting nation-state threats in the remote work era. Cybersecurity professionals are urged to go beyond basic vetting, such as LinkedIn scans, and adopt robust anomaly detection to protect against sophisticated grifters.

As North Korean fraud tactics continue to evolve, companies must remain vigilant. Every lag, every odd behavior, and every unverified resume could be the first sign of a much larger threat hiding in plain sight.