North Korean-linked hacker group Lazarus is now targeting US defence contractors.
The hacker group has previously been linked to massive global attacks, including the WannaCry ransomware epidemic, as well as attacks against international banks.
Security experts at Palo Alto say that the hacker group has launched a new phishing campaign targeting "individuals involved with United States defence contractors."
The hackers were found sending phishing emails, containing malicious Microsoft Word documents, presumably in efforts to collect information.
The report of Lazarus' activities comes amid heightened tensions between North Korea and the US and just days after US president Donald Trump threatened "fire and fury" over Pyongyang's recent nuclear weapons advance.
Palo Alto researchers have said that the Lazarus group's hackers have done little to hide their identity and are currently "reusing tools, techniques, and procedures which overlap throughout these operations with little variance."