SEOUL—A new hacking offensive against cryptocurrency investors uses malware similar to that deployed in North Korea’s attack on Sony Pictures Entertainment and its WannaCry ransomware assault, cybersecurity researchers said, providing further evidence of Pyongyang’s involvement in crypto heists.

U.S. cybersecurity firm Recorded Future in a report on Tuesday identified the Lazarus group—a hacking operation with links to the North Korean regime—as behind the malware campaign, which began targeting users of a South Korean exchange...