Monthly Threat Actor Group Intelligence Report, April 2025
2025-06-20 • NSHC
NSHC's April 2025 SectorA reporting describes social-engineering operations against cryptocurrency, defense technology, engineering, and broader technology targets. The group used fake recruitment processes, technical tests, fake GitHub projects, BitBucket-hosted files, npm supply-chain attacks, Golang backdoors, and a YAML deserialization-based loader to gain initial access and deliver malware. BeaverTail and InvisibleFerret are highlighted as custom payloads used for credential theft, system profiling, C2 communication, additional payload delivery, and detection evasion through encryption, obfuscation, and cross-platform support. The activity matters for DPRK-focused tracking because it shows continued use of developer trust, legitimate code-hosting platforms, and tailored malware to support credential theft, persistence, and potential cryptocurrency-related intrusion objectives.