North Korean hackers with links to Kim Jong-un could be launching a secret cyber attack against the US, according to security experts.
Best known for the WannaCry ransomware attack, the illusive espionage group dubbed Lazarus Group now appears to be trying to access huge amounts of military information.
They have been sending phishing emails with infected Microsoft Word attachments to individuals involved in US defence, the report says.
The findings come at a politically precarious time, as leaders of the US and North Korea exchange threats about nuclear warfare.
The Lazarus Group was blamed for a string of hacks dating back to at least 2009, including last year’s WannaCry hack.
During the May 14 attack, hackers broke into 230,000 computers and encrypted the files – demanding the owners pay them $300 to $600 (£233-£466) in bitcoin to unlock them.
The ransomware – which encrypts victims’ files then demands a fee to unlock them – left Britain’s health service crippled as computer systems and phone lines across the country shut down.
New sources suggest the hackers may now be ‘targeting individuals involved with United States defence contractors’.
They appear to be using the same ‘weaponised documents’ from previous hacks, according to analysis of malicious code, files and infrastructure, according to researchers at Palo Alto Networks.