Two of the world’s most prolific state-linked cybercrime groups — Russia’s Gamaredon and North Korea’s Lazarus collective — have been spotted sharing resources, new research showed on Thursday.

Experts at cybersecurity firm Gen Digital found overlapping tactics and shared infrastructure between the two groups.

The discovery is “unprecedented,” said Director of Threat Intelligence at Gen Digital Michal Salat. “I don’t recall two countries working together on [Advanced Persistent Threat] attacks,” he said, referring to attacks that are sophisticated, long-term campaigns often conducted by nation-state actors.

If confirmed, it would mark a new level of coordination between Moscow and Pyongyang.

The Gamaredon cybercrime group is linked to Russia’s Federal Security Service and has aggressively targeted Ukrainian government networks since the start of the invasion in 2022, mostly for intelligence collection. Lazarus, a well-known North Korean threat group, conducts everything from espionage to financially motivated cybercrime.

While tracking Gamaredon’s use of Telegram channels to share the servers controlling its malware, analysts discovered that one of those servers was also being used by Lazarus.

One Gamaredon-run server was also found hosting a hidden version of malware linked to Lazarus. The file closely matched Lazarus’ typical tools. Nation-state hacking groups rarely host or distribute one another’s malware.

Researchers believe the findings indicate the two groups are likely sharing systems, and could very well be cooperating directly. At a minimum, it shows that one group is deliberately imitating the other.

Salat added that Gamaredon may be studying Lazarus’ methods, too. Lazarus is known for using fake job offers to trick victims and for stealing cryptocurrency, a key revenue source for North Korea, which is under heavy global sanctions.

Moscow and Pyongyang have increased cooperation, including among their militaries, in previous years. Western security services believe Pyongyang has sent thousands of North Korean soldiers to Russia to support the war in Ukraine. Ukrainian authorities last month said North Korean troops were flying drones across the border, and Ukrainian military intelligence said last week North Korea would send thousands of workers to Russia to manufacture drones.