North Korean cybercriminals impersonated a prominent nonprofit organization that works with defectors to target activists in a recent campaign, according to a South Korean security firm.

Cybercrime syndicate ScarCruft, also known as APT37, sent phishing emails mimicking a Facebook notice by Liberty in North Korea (LiNK) about its “Changemaker Scholarships,” Genians said in a report published Friday.

The report did not identify a specific target, but indicated that it was likely part of a wider cyber espionage campaign aimed at stealing personal information and monitoring the lives of North Korea experts in South Korea and