North Korea continues its cyberattacks on financial entities and targets now include those handling cryptocurrency, a new report finds.

Through late 2017 North Korea continued a spear-phishing campaign against South Korea that targeted cryptocurrency users, exchanges and South Korean college students interested in foreign affairs, the report, published by IT company Recorded Future, stated.

“Beginning in 2016, researchers discovered a shift in North Korean operations toward attacks against financial institutions designed to steal money and generate funds for the Kim regime,” the report said.

This most recent incursion is a continuation of these operations leveraging a variety of techniques, such as mining, ransomware and theft.

In the face of the barrage of attacks from its northern neighbor, South Korea will harden defenses, leading North Korean cyber operators to look to exchanges and users in other countries, the report said.

As such, the report warns international financial institutions to be aware of the increased threat level from North Korean actors.