The group, dubbed Reaper, stepped up its efforts to spy on big South Korean conglomerates last year, cybersecurity research firm FireEye said in a report published Tuesday.
"We're talking multinationals, they have offices all over the world. Companies like that, any effect can reverberate, because it's global already," said John Hultquist, FireEye's director of intelligence analysis.
Most of the global cyberattacks previously tied to North Korea have been attributed to a group known as Lazarus. FireEye said Reaper is now another threat that governments and companies need keep an eye on.
"We expect very aggressive activity in the near future," Hultquist said.
He declined to name the target firms but said they are Fortune Global 500 companies that are "the crown jewels" of the South Korean economy.
Samsung Electronics (SSNLF), Hyundai (HYMTF) and LG Electronics all fit that description.
Related: The Olympics are an irresistible target for cybercriminals
A spokeswoman for LG said she is not aware of any cyberattacks by North Korea against the company. Samsung and Hyundai did not immediately respond to a request for comment.
Hackers associated with North Korea have previously been linked to a massive global ransomware attack last year, heists on banks around the world in 2016 and the hacking of Sony Pictures in 2014.
FireEye said Reaper has been active since at least 2012. It drew little attention as it discreetly spied on South Korea's government, military, defense and media sectors. But last year, the hackers became more ambitious, targeting big South Korean conglomerates in industries like aerospace, electronics, automotive and manufacturing.
So far, their efforts have taken the form of "classic espionage" by focusing on covert intelligence gathering, Hultquist said. But he warned that they are capable of inflicting serious damage.
"If you wanted to target South Korea's economy, it could be as easy as a ransomware attack on a series of major companies," he said.
Related: North Korea's long history of hacking
Kim Jong Un's regime has repeatedly denied involvement in international cyberattacks. But FireEye says it is highly confident that Reaper is acting on behalf of the North Korean government.
"They have shown very little regard for norms and red lines, and again and again pushed the limits of acceptable behavior for a nation state," Hultquist said.
Related: North Korea linked to new cryptocurrency attacks
Reaper is already expanding beyond South Korea by pursuing targets in the Middle East, Japan and Vietnam.
A Middle Eastern telecommunications company was targeted last year after a business deal in North Korea went bad, according to FireEye. It "may have been an attempt by the North Korean government to gather information on a former business partner," the report said.
Other targets include the director of a Vietnamese international trading and transport company, and people in Japan working with organizations related to the Olympics.
CNNMoney (Hong Kong)