The computer hackers who stole Canadian casinos’ customer data and posted it online will likely strike again, according to a new report by a cybersecurity company.

On Friday, the US-based FireEye security firm issued a report identifying a shadowy group it’s calling FIN10 as the culprits behind the cyber-targeting of at least 10 Canadian companies between 2013 and 2016.

FireEye didn’t identify any of the companies by name, but previous media reports have linked FireEye to an investigation into last year’s hacking of the River Cree Resort and Casino near Edmonton, Alberta. Two other Canadian casinos – Ontario’s Casino Rama Resort and the Cowboys Casino in Calgary – suffered similar attacks in 2016.

FireEye said it was unable to specify where the FIN10 group might be based, but noted that its members appear to be native English-speakers, despite efforts to claim that it was (alternately) a Russian or Serbian outfit by (apparently) running its communications through online translation tools. FireEye also doubts that FIN10 is a state-sponsored outfit, as it employs common and widely available tools and techniques.