Nick McKenzie on how North Korean spies are infiltrating Australian companies - The Morning Edition

Summary5 min read

The Morning Edition: Nick McKenzie on North Korean Spies Infiltrating Australian Companies

Date: March 31, 2026
Host: Samantha Selinger-Morris
Guest: Nick McKenzie, Investigative Reporter
Podcast: The Age and Sydney Morning Herald

Overview of the Episode

In this eye-opening episode, investigative journalist Nick McKenzie exposes the covert operations of North Korean spies infiltrating Australian (and international) companies by posing as remote IT workers. With input from Australia’s top intelligence officials, McKenzie details his own sting operation, the dangerous new trends in international espionage, and how seemingly ordinary individuals facilitate these crimes. The episode serves as a public warning—and a call to action—for companies and the broader community to protect themselves against this escalating threat.

Key Discussion Points & Insights

1. The New Face of North Korean Espionage

Scale and Motivation ([00:54]):
- North Korea, driven by the need to fund illicit weapons programs and to obtain sensitive IP, deploys “an army of agents” posing as remote workers, pretending to be from America, Europe, or Asia.
- These operatives are most interested in infiltrating IT departments to steal secrets or sabotage infrastructure.
- Money from these schemes directly funds the Kim Jong Un regime.
"Once we’re in your networks, we can steal your secrets and worst case scenario, engage in acts of sabotage if and when the need arises." — Nick McKenzie [00:54]

2. Why ASIO Brought This into the Open

Unprecedented Access ([03:00]):
- ASIO Director-General Mike Burgess granted rare access, even allowing a 60 Minutes crew to film, to illustrate the severity and urgency of the threat.
- The spy agency recognizes that government alone cannot combat this; businesses and the wider public must be vigilant:
"For Australia to actually properly combat these malicious actors, we've got to get on the front foot. And that's not the job of the spies, the spooks and the cops. It's the job of the companies and the community." — Nick McKenzie [03:00]

3. Cases of Successful Infiltration

Confirmed Incidents ([04:48]):
- ASIO and cybersecurity firms like dtex have identified North Korean infiltration in Australian companies, with current AFP investigations underway.
- Notably, the National Australia Bank detected and removed a North Korean agent embedded via a third-party contractor.
"If a very sophisticated beast like the NAB...can be so easily infiltrated, think how the rest of our tech, commercial, financial services, [and] defence sectors are exposed." — Nick McKenzie [04:58]

4. The Anatomy of a Sting Operation

Trapping an Agent ([06:28]):
- McKenzie and dtex set up a honeypot job for remote IT work, receiving an application from an identity known to be used by previous North Korean operations.
- In the staged Zoom interview, the individual presented as "Aaron Pearson" (photo: Black American) but appeared as someone of Asian appearance.
- Through localized questions, McKenzie exposed inconsistencies; the applicant failed basic questions about local Californian or New York landmarks and panicked when confronted about the North Korean regime.
"He could not name where he lived. All he could say was on the west. Where were you living? What suburb? 'I'm sorry? Where in New York did you live?' 'I'm in west coast of the New York. I'm in west part of New York area.'" — Nick McKenzie [06:28]
- The operative quickly ended the interview when pressed about North Korea and sanctions.

5. The ‘Laptop Farmer’ System & International Parallels

Operations in the US ([11:31]):
- Describes how North Korea uses intermediaries called "laptop farmers," such as American Christina Chapman, to receive and forward company laptops for remote operatives.
- Chapman received 90 laptops, facilitating the infiltration of about 300 US companies including big names like Nike.
- She was convicted and sentenced to 8.5 years in prison.
"She was a not too bright, not too well spoken, very ordinary American doing some pretty extraordinary things. Right now she's sitting in a jail cell serving eight and a half years in prison." — Nick McKenzie [11:31]
- McKenzie reveals at least one similar "laptop farm" is suspected to be operating in Australia today.
Question of Plausible Deniability ([13:15]):
- Both McKenzie and US prosecutor Jeanine Pirro reject Chapman’s claim of ignorance, emphasizing personal responsibility and the need for vigilance.

6. Technology and Evolving Tactics

AI and Fake Identities ([06:28], [15:12]):
- North Korea employs AI to generate resumes, scout for jobs, even mimic human interaction in preliminary hiring stages.
- Chinese AI is increasingly backing North Korean operations, making detection even harder.

7. Why Companies Fall Victim

Shortcuts and Cost-Cutting ([10:50], [15:12]):
- Many Australian corporations, driven by cost-saving measures, lower their hiring standards and due diligence, making them vulnerable.
"The system or the operation put in place by North Korea relies on companies taking shortcuts. And the terrifying thing is too many big Aussie corporates are taking those shortcuts. Why? To save money." — Nick McKenzie [10:50], [15:07]

8. Protecting Against Infiltration: Action Steps for Companies

Due Diligence & Verification ([15:12]):
- Basic yet robust recommendations:
  - In-person or real-time video verifications.
  - Stringent checks on applicant backgrounds, references, IDs.
  - Asking detailed, location-specific questions hard for a fake to answer.
  - Use of advanced cybersecurity protocols, but also layered, human-centered checks.
  - Continuous improvement as both attacker and defender technology evolves.
"Have controls in place to make sure these North Koreans never get in the door." — Nick McKenzie [15:12]

Notable Quotes & Memorable Moments

On the scale of the problem:

"We're talking about essentially criminal acts. It's one for the AFP...there are live AFP assessments and/or investigations into these threat actors here operating in Australia, either from a remote location, or in some cases onshore." — Nick McKenzie [04:58]
On the creativity of North Korean operations:

"The AI programs create resumes, they scale the Internet looking for remote IT job opportunities. The AI programs initially sometimes interact with recruiters as if they're a real person once they get through the door." — Nick McKenzie [06:28]
Challenging a spy’s story:

"Well, you don't look like the Aaron Pearson, who I believe is the real Aaron Pearson." — Nick McKenzie, confronting the operative [06:28]
On the insidiousness of shortcut culture:

"The terrifying thing is too many big Aussie corporates are taking those shortcuts. Why? To save money. That has to end." — Nick McKenzie [15:12]

Timestamps for Key Segments

The North Korean espionage model explained: [00:54]
ASIO's rare public stance and call to action: [03:00]
Confirmed cases in major Australian institutions: [04:58]
Nick McKenzie’s undercover sting operation: [06:28]
“Laptop farmer” case and parallels in the US: [11:31]
Debunking plausible deniability for intermediaries: [13:15]
Company-level action steps and evolving threats: [15:12]

Conclusion

Nick McKenzie's investigation, backed by ASIO’s warnings, details an escalating and highly sophisticated espionage threat to Australian businesses, fueled by North Korea’s regime and enabled by global technology and cost-cutting hiring practices. The episode stresses that vigilance, rigorous vetting, and a commitment to security over savings are the best defenses for companies navigating this increasingly perilous digital economy.

Loading summary

Transcript17 lines

[00:04]
A
Investigative reporter Nick Mackenzie logged onto the Zoom meeting to meet the man who said he was Aaron Pearson. Mackenzie, too, was hiding his real identity, pretending to be a recruiter for an Australian tech company. The whole thing was a setup, a trap for someone Mackenzie suspected to be a spy for North Korea. I'm Samantha Sellinger Morris, and you're listening to the morning edition from the Age and the Sydney Morning Herald. Today, Nick McKenzie on the New way that spies are targeting Australian businesses and what happened in that Zoom call. So Azio has told you that North Korean spies have infiltrated companies in Australia using what you've described as an ingenious method. Tell us about this.
[00:54]
B
Well, just how ingenious it is is perhaps open to debate, but it's certainly malicious and it's certainly at vast scale. So what's happening? North Koreans need money. Kim Jong Un has a, as we know, an illicit weapons program, nuclear, ballistic and other. IT needs to fund that. North Korea is also on the mission to steal sensitive commercial IP defense IP from Western nations across the world. And ultimately, it wants leverage points, not just weapons. But if it can go and sabotage companies involved in vital infrastructure, these are all things the North Koreans want. Now, what North Korea has done is deploy an army of agents who are pretending to be non North Koreans. So, American, Western European, South Asian, Southeast Asian, remote IT workers offering themselves out as job applicants at major companies and small companies and saying, we can work for your Australian company. Well, one little thing will have to work offshore. Think of it as a stay at home worker. We'll work in your IT department or as an IT contractor or through an IT contractor third party. And you'll be none the wiser that we are in fact, a North Korean agent. The money you pass goes straight back to the regime of Kim Jong Un. And once we're in your systems, once we're in your networks, we can steal your secrets and worst case scenario, engage in acts of sabotage if and when the need arises. Now, no less than the Director General of Security, the head of asio, Mike Burgess, has sounded the alarm that Australian companies have been infiltrated. His investigators have found this going on in Australia. It's a real clear and present danger.
[02:34]
A
Okay, well, this is what I wanted to ask you because you've said that it's actually rare to get an invite into the Azio building. This, of course, is our leading spy agency. But not only did Azio boss Mike Burgess invite. Invite you in, but he invited the whole 60 minutes video crew into the building to film your interview. So is this an indication of how damaging, you know, these North Korean spies are potentially to Australians. And what exactly is at stake here? Like what threat do they pose to anyone who's listening?
[03:01]
B
Well, I think the reason that the normally very secretive ASIO and it is extremely rare to get access to ASIO and its Director General open the doors on this occasion is because the spy agency by itself, with its partners, the AFP and others, can only do so much for Australia to actually properly combat these malicious actors. We've got to get on the front foot. And that's not the job of the spies, the spooks and the cops. It's the job of the companies and the community. How dangerous is it? Well, the world is a more hostile and more complex place arguably than ever before. We know North Korea wishes to do the west harm. We know North Korea is building stockpiles of terribly destructive weapons. We know North Korea already has very active cyber operations across the world seeking to infiltrate Western companies, Western governments to steal secrets, most significantly, once. And this is a danger of the cyber digital economy world in which we now all live. Once a hostile actor, a North Korean agent, is in your systems, they can do untold damage. We've seen what happens when large organizations are hacked. We've seen systems go down. We've seen hospitals and places providing acute services, much needed services held to ransom. These are all massive sabotage like dangers. And that's bad enough. It's not just that you're funding the North Korean regime when you employ these North Korean agents unwittingly, but the risk is you're also giving up your commercial secrets. It could be secrets that are sensitive to national security, but also you could be compromising. If you say a company working in critical infrastructure, you could be compromising national security that way because of the risk that these same remote IT secret agents can work as saboteurs down the track.
[04:48]
A
Okay, And ASIO actually has examples of Australian companies that have been infiltrated by these North Korean spies. So tell us about that.
[04:58]
B
Well, the Director General of ASIO didn't say a great deal about that other than his investigators have found these threat actors. They found them operating in Australia because we're talking about essentially criminal acts. It's one for the afp. So these matters have been referred to the Federal Police. We have dtex, a cyber company that's leading a charge here in this nation protecting the private sector. Also referring matters to the afp. We know there are live AFP assessments and or investigations into these threat actors here operating in Australia, either from a Remote location, or in some cases onshore in Australia. The most prominent case that we uncovered involved the National Australia bank, the nab, one of the big four banks. IT found one of these North Korean agents had infiltrated its workforce posing as a remote IT worker, albeit through a third party contractor, identified the threat. It got rid of the actor. But the point to be made is if a very sophisticated beast like the nab, with all its cybers and security controls can be so easily infiltrated, think how the rest of our tech, commercial, financial services, defence sectors are exposed. And even more so when there are players without those controls that the NAB and other big players naturally have.
[06:16]
A
Okay, well, let's get into how these North Korean spies have actually infiltrated companies in Australia and elsewhere. Perhaps you can just tell us about how you actually caught one one of these operatives in the act. What happened?
[06:29]
B
Well, we know there are thousands of North Korean agents posing as these remote IT workers. They're using networks of intermediaries who play certain roles in this scheme. There are managers of the scheme. Think of them as, I guess there's more senior agents or more senior spies calling the shots. There's a system that's been put into place and developed and it's developing in time. So for instance, one of the more recent developments is the North Koreans are using AI. The AI programs create resumes, they scale the Internet looking for remote IT job opportunities. The AI programs initially sometimes interact with recruiters as if they're a real person once they get through the door. Then the North Korean agent, who's a well trained operative, who speaks pretty good English and is trained to say, I'm actually stationed right now in the case of the operative that I encountered in San Jose, California, then the operative steps in and conducts a job interview and hopefully lands the job. So knowing all that, we actually set up a trap. We knew the sorts of jobs the North Koreans were after. We advertised one of those jobs using a friendly recruiter, in fact working for us, and we were partnered. We did this with dtex, the cyber company that's leading the charge fighting these malicious actors, put the job out there. Sure enough, AI interacts, or what looks like AI interacts with us, saying, yes, love to go for this role. I'm a Californian based IT professional, this is my resume. And keen, let's do the interview. There were some things about that identity used. We knew that was an identity that had been used previously in North Korean operations. So we had a very good sense this was likely to be a North Korean operation. But we didn't know until that interviewee appears, the job applicant appears. So I take the place as the recruiter. I'm being secretly filmed. I say, hello, welcome. I'm a recruiter. And who are you? And who pops up on the screen? Well, the person had gone for the job. His name is Aaron Pearson. Well, his alias is Aaron Pearson. And the photo I had of Aaron Pearson was of a black American. That was the person we thought would be popping up on screen because that person had been involved in other job applications that were of suspicion. In fact, what pops up, or the person that pops up is someone who looks Asian. Hello, Is that Aaron? Yeah, this is Aaron. Hey. Sorry for being late. Yeah, that's okay. To me. So, yeah, they don't look like an Aaron Pearson. They certainly don't look like the Aaron Pearson, the black American. On the resume I had, I already knew likely it was to be an operative. So to test that theory, he went through his technical expertise. But I then asked him, okay, you're saying you're living in San Jose, California. Have you been to Santa Cruz? That local surf break of yours? He doesn't like sharks, he tells me, what about Big Sur, that very famous landmark? Think of the big Californian redwoods. He wasn't overly o fait with those either. New York. He'd lived there for three years. He could not name the area in New York. Think about those famous New York areas. Manhattan, Brooklyn, the Bronx. He could not name where he lived. All he could say was on the west. Where were you living? What. What suburb? I'm sorry? Where in New York did you live? I'm in west coast of the New York. I'm in west part of New York area. The more I drilled, the more stilted he became. Finally, I said to him, well, you don't look like the Aaron Pearson, who I believe is the real Aaron Pearson. And he. He began to panic and push back. We know that when North Korean Asians are challenged about the regime for who they operate, if you say to them, tell me about the North Korean regime, they cannot ever speak ill of their dear leader, Kim Jong Un, or the regime itself. So I put it to him, pretty frankly. I said, we're worried about North Korean operatives. What do you think about the North Korean regime? And that's when he very quickly wrapped up the interview. We have in Australia sanctions. It means we cannot deal with anyone from North Korea. Are you comfortable with that? Questions are being asked at this interview. Can I tell you, Aaron, because I have a photo of Aaron Pearson. It's a different. The photo I have is of a black American. I'm not interested in it anymore. By then we had enough data points to know that he was a North Korean agent. We'd caught him out in the act and we, for the first time I think, really ever, of any Western media company called out a North Korean operative actually doing what's of such grave concern to our intelligence agencies across the world. After the break, the system or the operation put in place by North Korea relies on, on companies taking shortcuts. And the terrifying thing is too many big Aussie corporates are taking those shortcuts. Why? To save money.
[11:17]
A
And you've said that this is a relatively new problem for Australia, but we know that it's not new in the U.S. right? There was a significant case there involving a woman who became one of these so called laptop farmers, these intermediaries. So tell us about that.
[11:32]
B
We know this North Korean operation has been operating at scale for a decade. The US has been a great hunting ground for the North Koreans. It's a massive economy. Covid meant there was a huge reliance on stay at home or remote workers, especially IT workers, contract workers. This was a great time for North Korea to be operating. And people all over the world, you find people desperate for money and happy to take money to look the other way. And the North Koreans found a woman called Christina Chapman. She was an Arizonan, a run of the mill, pretty poor working class person who was desperate for a job in the North Korean sense that they gave her a job as what's known as a laptop farmer. And her job was this. Whenever a North Korean agent working on the COVID wins a job, gets a job at, be it a company like Nike or Boeing or any of the other American companies that were ultimately compromised, these remote workers, these undercover operatives, need a laptop to do their job. And so the US company needs to send them a laptop. She agreed to use her home address in Arizona to receive those laptops. When the FBI finally raided, her 90 laptops had been sent to her. It's estimated she helped these North Korean agents infiltrate 300 U.S. companies, including some big names like Nike. And I think the remarkable thing about her operation was not just how many companies were infiltrated and how many agents were involved, but really the unremarkable nature of her. She was a not too bright, not too well spoken, very ordinary American doing some pretty extraordinary things. Right now she's sitting in a jail cell serving eight and a half years in prison.
[13:15]
A
And in your investigation, she claims that she was unaware that she was a so called laptop farmer, that she was an intermediary between these North Korean, Korean spies and these American companies. Do you think there's any credibility to that? I mean, certainly. You also interviewed Jeanine Pirro, who is currently the United States Attorney for the District of Columbia. Very high profile in her own right. She's prosecuted this woman who again facilitated these North Korean fraudsters. So was there any credibility, any possibility that she just didn't know what she'd been contracted to do?
[13:49]
B
Well, the prosecutor, Jeanine Pirro, thought not. And I mean, I think if any of our listeners consider that their home would receive 90 laptops and they'd be asked to plug in dozens and dozens of Asian IT workers to US companies in such a bizarre fashion, you'd think you'd have your, your hackles up, you think you'd be a little bit suspicious. The idea that Chapman was an unwitting agent, a dupe, is pretty ridiculous. And I think we can see that in her ultimate sentence of eight and a half years for breaching, for harming US national security. But I think what her case really tells Australia is we know there's people out there that want to make a buck and who'll do the wrong thing to do so. They can do so in a way where they can pretend to some extent that they're simply operating, helping fill an IT gap for some bizarre company overseas and not really ask themselves, what am I truly up to? There are those sorts of people we suspect in Australia today. We do believe there's at least one laptop farm operating in Australia similar to that of Christina Chapman today. So it really shows that ordinary people can get swept up in what are very hostile operations by very dangerous regimes. In this case North Korea. They're likely to be here already in Australia and they're likely to be operating with some success.
[15:07]
A
And Nick, just to wrap up, what can companies and businesses do to protect themselves?
[15:12]
B
There's some very basic things. Check out in person, who you're hiring, do proper due diligence. Yes, AI. We know that China is now backing North Korea in this operation. So we've got some pretty high level Chinese AI operating here. Chinese government led Chinese technology created AI. It can be remarkable. It can come up with very good resumes. It can alter people's identities in video interviews, you can feed answers into people's earpieces. But still, companies have the ability to do thorough due diligence to combat that AI. And in person or real person challenge by checking, well, you say you did your university Here, tell me about what was happening in the year 2002. When you say you were stationed at Sydney University, were you aware of that flood event that happened in at Melbourne? When you say you're at Melbourne University, there's ways you can test these human the AI might be countering that, but there are ways and means. See your employee face to face. If they have an important role, ask them to come into your satellite office. Present some ID in person, knowing that ID can be doctored and faked as well. Have controls in place to make sure these North Koreans never get in the door. The system or the operation put in place by North Korea relies on companies taking shortcuts. And the terrifying thing is too many big Aussie corporates are taking those shortcuts. Why? To save money. That has to end. The issue really is these North Korean agents are good at their jobs. They are trained in coding, they are trained in other IT disciplines. They will be able to perform the role. So looking at their work won't necessarily raise any concerns. It will be other things. It will be their unusual flags about their working hours, the way they're logging in the systems they're using to log in, keeping in mind that they're going to be trying to counter the counter attack from the companies. Now this is an evolving fight. Just as companies begin to have technology to really detect whether fake IP addresses are being used to obscure a remote worker's real location. Just as that technology is developed and employed, new technology would be put in place to defeat it. So we need to have a continuous and continuously improving system of countering what is a very IT proficient army of North Korean agents ultimately working for one of the most pernicious and dangerous regimes in modern human history.
[17:49]
A
Well, thank you so much, Nick, for your time.
[17:52]
B
Great to be with you.
[18:03]
A
In other news today, politicians will be guarded at public events while their homes and offices will undergo security upgrades due to the most dangerous security environment in generations, according to experts. Sydney and Melbourne house values have fallen for a second consecutive month, but values soared in Perth, Brisbane and Adelaide. And more people are renting electric vehicles ahead of Easter amidst surging petrol and diesel prices. To find out more, visit theage.com au or smh.com Today's episode was produced by Chi Wong. Our executive producer is Tammy Mills, and our podcasts are overseen by Lisa Muxworthy and Tom McKendrick. If you like our show, follow the Morning Edition and leave a review for us on Apple or Spotify. Thanks for listening.