The hackers who wiped tens of thousands of PC hard drives in South Korea earlier this year appear to have also been targeting the country's military secrets.
A report from security software firm McAfee Labs said the hacking group has created malware which scans systems for keywords including "weapon", "US Army" and "secret".
McAfee warns that if the hackers succeed in compromising networks they could "grab documents at will", although South Korea has played down the threat.
The country's defence ministry told the Associated Press news agency that it was "technically impossible" to lose classified reports because the computers on which military secrets were stored were not connected to the internet.
The US Pentagon, however, says it is reviewing the McAfee report. McAfee said it had opted to withhold other "sensitive" hacking search terms in its report "at the request of US officials".
McAfee believes the attacks were part of a long-term spying operation going back to at least 2009. The company started investigating the hacking group following an attack this March, which caused data held on PCs used by several banks and TV networks to be deleted.
Whilst the malware used to wipe the disks was different from that used to hunt for the military secrets, McAfee said there were so many similarities between the two that it must have been created by the same hacking team.
McAfee traced the spying effort back to 2009, when it said the hackers managed to place a security exploit on a military social networking site.
It is not known who is behind the hacking gang involved in the March attacks in South Korea, although the government has said it suspects North Korea could be involved.