The group, active since at least 2014, has conducted operations in 16 organizations in 11 countries, FireEye reports, “indicating that the group is a large, prolific operation with extensive resources.”

APT38 traditionally functions via malware that puts false transactions into the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a system used for bank transfers, says FireEye. They then transfer funds to banks around the world, delete the evidence, and launder the money.

“APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations,” FireEye stated in its report, adding that the group is “active and dangerous.”

According to the Associated Press, North Korea has a history of using malicious cyber activity to raise funds. While the country’s ruler, Kim Jong Un, has appeared to be making efforts towards cooperating with world leaders, he has yet to take active steps towards dismantling his nuclear weapons program. Thus North Korea is still blockaded from most world trade via sanctions, limiting its revenue.

APT38’s largest heist, says AP, targeted the central bank of Bangladesh in February 2016, when the group stole $81 million by wiring the money to bank accounts associated with fake identities in the Philippines. In all, they’ve attempted to steal $1.1 billion.

The U.S. government has long been aware of North Korea’s advanced hacking abilities. The Department of Homeland Security warned of North Korean cyber activity earlier this year, just days after President Donald Trump met with Kim Jong Un, CNN reports.

North Korea is also suspected of being behind the 2017 WannaCry ransomware attack and the 2014 hacking of Sony Pictures Entertainment. The Justice Department indicted a North Korean programmer last month for his alleged role in these and other operations.