Months of research have revealed "connections between the many attacks attributed to North Korea" and allowed categorisation of "different tools used by specific teams of their cyber army", according to McAfee's Jay Rosenberg and Christiaan Beek.
According to the researchers, North Korea is involved in cyber crime to bring in foreign currency as well as "nationalist aims" such as intelligence gathering and disrupting rival states.
"We focused in our research on the larger-scale nationalism-motivated campaigns, in which we discovered many overlaps in code reuse. We are highly confident that nation-state–sponsored groups were active in these efforts," the two researchers said.
Many of those similarities had not been seen before, they claimed, and "some of these attacks and malware have not been linked to one another, at least publicly".
Some of this common code was found in malware dating from 2009 to 2017.
McAfee identified commonalities between the Dark Hotel attacks reported by Kaspersky in 2014 (but which had been going on for more than seven years) with malware attributed to North Korea.
"We clearly saw a lot of code reuse over the many years of cyber campaigns we examined. This indicates the North Koreans have groups with different skills and tools that execute their focused parts of cyber operations while also working in parallel when large campaigns require a mix of skills and tools."