The report comes amid recent allegations that North Korea is mining and hacking cryptocurrencies as a way to deal with crippling economic sanctions.
Researchers from the US cybersecurity firm Recorded Future say a new hacking campaign targeting South Korean cryptocurrency exchange Coinlink employed the same malware code used in the 2014 attack on Sony Pictures and last year's global WannaCry attack.
Beginning in late 2017, hackers attempted to collect the passwords and emails of employees at Coinlink, but were unsuccessful.
Recorded Future released a full report on Tuesday analyzing the methods used in the recent Coinlink attack, versus methods used in previous cyberattacks.
The firm found what it called strong evidence that a cybercrime unit called the Lazarus group was behind the Coinlink attack, as well as several previous large-scale campaigns, based on the type of code they have used in previous attacks.
According to the report, the Lazarus group operates under a North Korean state-sponsored cyber unit.