Police say North Korea is behind a phishing scam that targeted South Koreans with emails falsely promising to reveal intelligence documents related to the December 3 martial law incident.

The National Police Agency revealed on Tuesday the results of an investigation that found a North Korean hacking group sent out over 126-thousand fake emails targeting more than 17-thousand-700 people in an attempt to steal their personal information.

From November last year to January of this year, the police agency said the hacking group employed 30 different phishing tactics, offering access to concert tickets, tax refunds, documents analyzing North Korea issues, and even the martial law document written by the Defense Security Command.

The agency said the fake emails were designed to steal sensitive data by making victims click on malicious links that would connect them to a phishing site.

Email recipients included government officials, researchers and journalists working on unification, security, defense and diplomacy issues, according to the police agency, which said 120 people fell victim.

The police also discovered the server used for these phishing scams had been employed by North Korea in the past, and that the IP address used was located in an area between North Korea and China’s Liaoning Province.

But there was no evidence that North Korean hacking organizations such as Lazarus or Kimsuky were involved.