Bitcoin and other cryptocurrencies’ surging prices have apparently caught the eyes of more than just excited investors. According to cyber researchers, a cybercrime gang that is possibly working from within the North Korean government is showing interest as well.

Trying to steal the online credentials of bitcoin industry insiders, this Lazarus cybercrime gang is under investigation by researchers at U.S. cyber security firm, Secureworks’s Counter Threat Unit (CTU).

The company, along with other security firms believes that North Korea is probably behind the Lazarus group, which they link to an $81 million cyber heist last year that occurred at the Bangladesh central bank, along with a 2014 attack on Sony’s Hollywood studio, where a lot of info was compromised.

“Given the current rise in bitcoin prices, CTU suspects that North Korea’s interest in cryptocurrency remains high and is likely continuing its activities surrounding the cryptocurrency,” explained Secureworks in a statement given to Reuters.

Last month, Secureworks spent time monitoring a targeted email campaign that was aimed at tricking victims into clicking on a compromised link advertising a job opening for a chief financial officer position for a London cryptocurrency company.

The unfortunate people that clicked on the link became infected with malicious code from an attached document within the email that installed software which took remote control of the victim’s device, allowing hackers to download further malware or steal data.

This particular malware shares technical links with previous campaigns led by the sly cybercrime group Lazarus, which Secureworks has named, “Nickel Academy”.

Therefore, with the recent intrusions into several bitcoin exchanges in South Korea, suspension leans heavily toward North Korea again.

Evidence of North Korea’s interest in bitcoin has been discovered by Secureworks that dates all the way back to 2013. A spokeswoman for Secureworks shared that the company plans to release its preliminary findings soon, and then a more complete report will be published later, once they have all the details.