"North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong-un’s New Year’s speech and subsequent North-South dialogue," the report, published on Tuesday, said.
According to the report, the hacking campaign targeted not only cryptocurrency users, but also South Korean students with an interest in foreign affairs and belonging to a "Friends of MOFA" (Ministry of Foreign Affairs) group.
The report pointed to the similarity between the code used in the latest attacks and the one in Destover malware used for the attacks on Sony Pictures Entertainment in 2014 and WannaCry attack in February 2017.
According to the analysts, the use of Chinese terms in the exploit implementation might be a false flag maneuver.
In mid-December, the South Korean intelligence agency said it obtained proof of Pyongyang's alleged complicity in the theft of personal data of about 30,000 users of the Bithumb cryptocurrency exchange.
Pyongyang has reportedly increased the number of its cyber attacks after the toughening of international sanctions aimed at suppressing its nuclear program. Britain's MI-6 accused last year cybercriminals of attacking the British National Health Service (NHS), effectively disrupting its work for almost a day.