Subcommittee Chairman Ogles Requests Testimony from LinkedIn, Amazon, Palo Alto Networks on North Korea’s Cyber Infiltration of US Companies, Networks

WASHINGTON, D.C. -- Today, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andy Ogles (R-TN) sent letters to LinkedIn, Amazon Web Services, and Palo Alto Networks requesting that each company designate a senior executive or comparably senior subject matter expert to testify before the Subcommittee at a February 10 hearing on North Korea's growing use of remote IT worker schemes to infiltrate U.S. companies, fund its weapons program, and undermine national security.

The letters outline how operatives aligned with the Kim Jong Un regime have exploited cloud based hiring platforms, remote work trends, and AI-enabled impersonation tools to gain unauthorized access to U.S. corporate environments under false identities, where they often target positions in software development, cloud engineering, and cybersecurity. These schemes have escalated in scale and sophistication, transforming a well documented fraud tactic into a state-directed cyber and intelligence strategy.

LinkedIn, Amazon Web Services, and Palo Alto Networks each occupy critical positions within this threat landscape from the creation and validation of professional identities, to the hosting of cloud environments targeted by adversaries, to detecting and responding to malicious activity once embedded. The hearing will provide a platform for each company to share its operational perspective on this evolving threat and to help shape a coordinated response to prevent future exploitation of the digital hiring lifecycle.

In the letters, Subcommittee Chairman Ogles writes, "The Subcommittee on Cybersecurity and Infrastructure Protection of the House Committee on Homeland Security is examining a growing national security threat driven by the Democratic People's Republic of Korea's (commonly known as North Korea, hereafter 'DPRK') exploitation of modern remote work and digital hiring practices to embed operatives within U.S. companies under false identities. Although this activity is not a recent development and is frequently encountered at the company level as hiring fraud or identity theft, its scale, sophistication, and potential impact have increased significantly. The Kim Jong Un regime has adapted this model into a state-directed strategy to evade sanctions, generate illicit revenue, and obtain unauthorized access to U.S. corporate and technological environments. As a result, this activity now poses serious and direct risks to the security of the homeland."

"Public reports, federal law enforcement actions, and private sector investigations have demonstrated that DPRK operatives are using stolen or fabricated identities and artificial intelligence-enabled impersonation tools, including synthetic imagery and voice manipulation technologies, to defeat traditional safeguards and obtain remote employment at American companies. These operatives often deliberately apply for and secure positions in technical, cloud, and security relevant roles, thereby enabling the DPRK government to penetrate internal systems, proprietary data, and operational environments never intended to be exposed to a hostile foreign adversary. These activities have been the subject of sustained investigative attention across the federal government, including by the Department of Justice, the Department of Treasury, and the Intelligence Community."

Subcommittee Chairman Ogles concludes, "For these reasons, I respectfully request that you designate a senior executive or comparably senior subject matter expert to testify before the Subcommittee at a hearing titled, 'AI, Deepfakes, and Digital Deception: An Examination of North Korea's Use of Remote IT Workers to Infiltrate U.S. Companies, Fund Its Weapons Program, and Threaten the Homeland.' The hearing will take place on Tuesday, February 10, 2026, at 10:00 a.m. in 310 Cannon House Office Building and will examine how these schemes function in practice, how AI has accelerated their scale and effectiveness, and what steps U.S. companies and the federal government, including the Cybersecurity and Infrastructure Security Agency, can take to reduce risk."

Read the full letters to LinkedIn, Amazon, and Palo Alto Networks.

Background:

Earlier this month, Subcommittee Chairman Ogles convened a hearing to examine how the United States can strengthen its approach to offensive cyber operations as part of a broader national security framework, in light of growing aggression from foreign adversaries. Before the hearing, Subcommittee Chairman Ogles penned an op-ed for the Washington Examiner, warning that escalating cyber threats from sophisticated adversaries like China, Russia, North Korea, and Iran threaten America's critical infrastructure and demand urgent, proactive action.

In November 2025, the House passed two of Subcommittee Chairman Ogles' bills to strengthen America's cybersecurity. The "Protecting Information by Local Leaders for Agency Resilience Act" (PILLAR Act) would reauthorize and enhance the Department of Homeland Security's (DHS) State and Local Cybersecurity Grant Program. The program provides grants to state, local, tribal, and territorial governments to address cybersecurity risks and threats to information systems and operational technology systems, including those using artificial intelligence. H.R. 5078 was introduced and advanced out of Committee in September 2025.

The "Strengthening Cyber Resilience Against State-Sponsored Threats Act " would establish an interagency task force, led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), to address the widespread cybersecurity threats posed by state-sponsored cyber actors associated with the Chinese Communist Party (CCP). The legislation was advanced by the House Committee on Homeland Security and passed unanimously by the House of Representatives in the 118th Congress.

###