---
title: "Amazon blocks 1,800 alleged DPRK IT fraudsters - Experts hint at a massive cyber trend! | Phish Protection"
description: "Amazon blocks 1,800 alleged DPRK IT fraudsters - Experts hint at a massive cyber trend!: State-sponsored IT fraud is a real threat, and the recent disclosure."
image: "https://phishprotection.com/og/blog/amazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend.png"
canonical: "https://phishprotection.com/blog/amazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend/"
---

Quick Answer

State-sponsored IT fraud is a real threat, and the recent disclosure by Amazon further proves the point. The e-commerce giant has barred a whopping 1800 DPRK IT operatives from joining the company since April 2024\. This cyber incident is a staggering reminder of how persistently bleak the situation can be when it comes to state-sponsored threat actors .

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Amazon%20blocks%201%2C800%20alleged%20DPRK%20IT%20fraudsters%20-%20Experts%20hint%20at%20a%20massive%20cyber%20trend!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Famazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend%2F&title=Amazon%20blocks%201%2C800%20alleged%20DPRK%20IT%20fraudsters%20-%20Experts%20hint%20at%20a%20massive%20cyber%20trend! "Share on Reddit") [ ](mailto:?subject=Amazon%20blocks%201%2C800%20alleged%20DPRK%20IT%20fraudsters%20-%20Experts%20hint%20at%20a%20massive%20cyber%20trend!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Famazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2025/12/amazon-phishing.jpg) 

State-sponsored IT fraud is a real threat, and the recent disclosure by Amazon further proves the point. The **e-commerce giant** has barred a whopping 1800 DPRK IT operatives from joining the company since April 2024\. This cyber incident is a staggering reminder of how persistently bleak the situation can be when it comes to state-sponsored[threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems).

The Chief Security Officer and Senior Vice President at Amazon, Stephen Schmidt , has revealed that there has been a[27%](https://www.darkreading.com/remote-workforce/amazon-fends-off-dprk-it-job-scammers)quarter-over-quarter boost in applications from DPRK-affiliated threat actors in 2025\. IT scams are definitely not a new entry in the **cybersecurity landscape**. 

_However, the obsession of the cybercrooks with a single company- Amazon- may come off as unnerving_. When the same kind of attacks are being orchestrated strategically against the same organization, it is a clear indication of a large-scale industrial operation carefully strategised to create **national implications**.

![Amazon phishing](https://media.mailhop.org/phishprotection/images/2025/12/amazon-phishing.jpg) 

### **The IT worker scam!**

The[IT operative scam](https://www.darkreading.com/remote-workforce/amazon-fends-off-dprk-it-job-scammers)involves fraudsters who operate on behalf of a nation-state. They serve as legitimate remote technology manpower to **secure legal jobs** on foreign soil. Cyber experts believe that although different nations are involved in such activities, North Korea is a key suspect.

The motivation behind such malicious approaches includes **cyber espionage** and obtaining indirect financial contributions for sanctioned activities . 

Amazon’s workforce is global. But a whopping[1800 malicious attempts](https://www.itpro.com/security/amazon-cso-stephen-schmidt-says-the-company-has-rejected-more-than-1-800-fake-north-korean-job-applicants-in-18-months-but-one-managed-to-slip-through-the-net)from the same country, trying to **infiltrate the company**, is indeed a case of concern. It also hints towards the possibility that other companies might be going through the same without even realizing it.

![Bank security](https://media.mailhop.org/phishprotection/images/2025/12/bank-security.jpg) 

### **How does Amazon detect DPRK applicants?**

Amazon has an intricate, multi-layered hiring strategy. It is the ultimate blend of automation and human intervention.[Amazon’s rigorous hiring strategy](https://vervoe.com/the-secrets-of-amazons-high-volume-hiring-process-a-case-study/)includes stringent credential verification, well-structured interviews, and AI-powered background checks. All these components work in unison to detect inconsistencies in the screening and **recruitment process**.

_It is because of this advanced hiring strategy that Amazon got to discover priceless insights around **DPRK-backed IT operatives** and their tactics_. Deeper analysis has revealed that identity theft is one of the most prevalent and highly sophisticated threats nowadays. These state-sponsored[cybercrooks](/phishing/pandora-targeted-by-cybercrooks-what-you-should-know)very easily impersonate real employees, maybe software engineers, to break into inactive LinkedIn accounts. They also misuse legitimate, active profiles to look more credible.

Another tactic being used by these state-sponsored fraudsters is leveraging laptop farms. Generally, physical laptops are stored within the USA borders to bypass **geolocation checks**. They create a fake impression of being employed within the USA, all the while operating from overseas.

![Cyber threat](https://media.mailhop.org/phishprotection/images/2025/12/cyber-threat-1.jpg) 

Apart from conventional software engineers, hackers are now also targeting professionals across other roles, such as machine learning and[artificial intelligence](/phishing/ai-phishing-artificial-intelligence-act-both-boon-and-bane-for-phishing)experts. The main reason for targeting these professionals is their high paychecks, easy access to data, and **sensitive intellectual property**.

A common trend among these **fake IT applicants** is flaunting educational connections with universities in California and New York. A detailed investigation is required to address discrepancies, such as mismatches between stated majors and the courses offered by the mentioned universities. _Close scrutiny also helps unravel minute discrepancies such as non-alignment of graduation dates and academic calendars._

These strategic attack patterns have helped business organizations realize that surface-level checks are no longer adequate in these times. **Cross-functional collaboration** and contextual awareness are required to hire the right people and prevent any[malicious recruitment](https://www.bankinfosecurity.com/hackers-target-job-recruiters-through-malicious-resumes-a-28665).

![Cybersecurity](https://media.mailhop.org/phishprotection/images/2025/12/cybersecurity.jpg) 

### **It is not limited to just Amazon**

Amazon is not the only one facing the brunt of this nation-state threat campaign. **Cybersecurity experts** and law enforcement agencies have been quite vocal about such attacks across different industries. The US Department of Justice has carried out multiple intensified[enforcement efforts](https://www.justice.gov/opa/pr/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote)targeting fraud networks that used to help DPRK operatives secure employment opportunities in different US-based organizations.

A group of researchers at[Sophos](https://www.sophos.com/en-us/blog/nickel-tapestry-expands-fraudulent-worker-operations)has concluded that such threats have become incredibly common across **small enterprises** and Fortune 500 companies. What’s more concerning is that the attacks are not slowing down even after increased awareness among the business organizations. Every malicious campaign is being structured with sophistication- proxy infrastructure, layered deception, and stolen identities make things worse.

![Phishing](https://media.mailhop.org/phishprotection/images/2025/12/phishing.jpg) 

Cybersecurity awareness and a strong security framework are more critical than ever, and Amazon’s disclosure has reshaped where cybersecurity responsibility truly begins. What was once seen as purely an HR concern has evolved - driven by AI-powered threats - into a frontline security issue, making hiring a **potential attack surface**. Integrating cybersecurity controls, including[phishing protection](/), into every stage of the recruitment process is now essential to safeguard organizations.

_With a remote work culture and global hiring, things will only get worse. The only way out is to blend **cybersecurity systems** into every layer of the recruitment process_. It is important to understand that even a simple job application can be as dangerous as a phishing email .

## Topics

[ Cybersecurity ](/tags/cybersecurity/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 3m  13,000 Singapore-based students affected as a threat actor hacked into their devices!  Aug 16, 2024 ](/blog/13000-singapore-based-students-affected-as-a-threat-actor-hacked-into-their-devices/)[  Intermediate 3m  The 2024 Multi-Nation Elections Need to Steer Clear of Highly Potent Cyber Menaces  May 9, 2024 ](/blog/2024-multi-nation-elections-cyber-threats-stay-vigilant/)[  Intermediate 6m  7 Commonly Overlooked But Crucial Security Threats That You Might be Ignoring  Feb 6, 2023 ](/blog/7-commonly-overlooked-but-crucial-security-threats-that-you-might-be-ignoring/)[  Intermediate 17m  9+ Cybersecurity Software Solutions For Businesses To Use  May 30, 2022 ](/blog/9-cybersecurity-software-solutions-businesses/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Amazon blocks 1,800 alleged DPRK IT fraudsters - Experts hint at a massive cyber trend!","description":"Amazon blocks 1,800 alleged DPRK IT fraudsters - Experts hint at a massive cyber trend!: State-sponsored IT fraud is a real threat, and the recent disclosure.","url":"https://phishprotection.com/blog/amazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend/","datePublished":"2025-12-31T14:02:39.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2025-12-31T14:02:39.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/amazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend/"},"articleSection":"intermediate","keywords":"Cybersecurity","wordCount":899,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2025/12/amazon-phishing.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Amazon blocks 1,800 alleged DPRK IT fraudsters - Experts hint at a massive cyber trend!","item":"https://phishprotection.com/blog/amazon-blocks-1800-alleged-dprk-it-fraudsters-experts-hint-at-cyber-trend/"}]}
```