Ddos 
E-commerce and technology giant Amazon has recently disclosed its proactive efforts to counter North Korean hacking operations, following mounting evidence that such actors have been using so-called “laptop farms” in Arizona as staging grounds to infiltrate U.S. companies. By posing as legitimate job applicants, they secure remote positions, then proceed to steal sensitive data and engage in extortion.
Amazon had not previously spoken publicly about these incidents, but now reveals that since April 2024 it has thwarted more than 1,800 attempted intrusions linked to North Korean hackers—a figure that continues to rise rapidly. The company estimates that quarter over quarter, attempts to penetrate Amazon’s systems by these actors have increased by 27%. The typical scheme begins with paying U.S. residents to run what appear to be innocuous side gigs—purchasing and maintaining large numbers of laptops connected to domestic networks. These machines are then used to support fraudulent résumés crafted to look polished and credible, enabling hackers to apply for remote roles at major technology firms. Once hired, they gain broad latitude to act unchecked.
In 2025 alone, North Korean hackers used this method to attack multiple cryptocurrency companies and platforms, inflicting substantial losses. While assaults on the crypto sector are primarily aimed at stealing funds, Amazon believes that infiltration attempts against its own organization were likely motivated by the pursuit of sensitive internal data. Indeed, the company confirmed that some attackers successfully joined Amazon using fabricated credentials. Earlier in 2025, behavioral monitoring on a newly hired systems administrator’s laptop triggered alerts, prompting an internal security investigation.
Following an in-depth review, Amazon’s security specialists determined that the U.S.-based remote employee’s laptop was being controlled remotely, resulting in unusually high keystroke latency. Under normal conditions, keystroke delays on laptops connected directly via U.S. networks are typically measured in mere tens of milliseconds. In this case, latency reached 110 milliseconds. While this was a single incident, it underscored that traces of such activity are often detectable.
Amazon also shared additional indicators it monitors. During interactions, hackers frequently betray themselves through subtle linguistic slips—difficulty using American idioms naturally or inconsistencies in written English—reflecting the fact that English is not their native language. These cues are among the signals Amazon prioritizes in its defensive efforts.
Previously, the U.S. Federal Bureau of Investigation dismantled several laptop farms that had been facilitating North Korean cyber operations. These facilities housed computers for remote use by hackers, and their operators were subsequently convicted for their role in the illicit activity.
Donate