A North Korean cyberspy group known as “Reaper” is rapidly expanding its operations and scope of capability, posing a global threat to overseas networks, according to a new report from the California cybersecurity firm FireEye Inc.

The group is also identified by FireEye as APT37 and has been active since at least 2012, focusing primarily on the public and private sectors in South Korea. In 2017, the group began attacks on Japan, Vietnam, and the Middle East, according to the report.

FireEye said it had “high confidence” the activities carried out by APT37 are on behalf of the North Korean government and include use of wiper malware and zero-day vulnerabilities, where hackers exploit vulnerabilities in computer software on the same day those vulnerabilities become known, depriving developers of the opportunity to fix problems before they occur.

“Our concern is that this could be used for a disruptive attack rather than a classic espionage mission, which we already know that the North Koreans are regularly carrying out,” FireEye Director of Intelligence Analysis John Hultquist said to the Washington Post.

APT37 joins North Korean leader Kim Jong Un’s growing list of hacking units that have been accused of being behind massive cyberattacks in the past, including the group “Lazarus” and its hack on Sony Pictures in 2014. U.S. officials also blamed the Kim regime for the WannaCry virus last year.

“Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor,” FireEye said in an emailed statement to Bloomberg.