Monthly Threat Actor Group Intelligence Report, July 2025
2025-08-14 • NSHC
NSHC’s July 2025 threat actor roundup says SectorA was active against the software supply chain and developer ecosystem. The SectorA section describes typosquatted npm packages that deliver a malicious loader, collect system details, credentials, and cryptocurrency wallet data, and support staged information theft and backdoor installation. The same section notes phishing activity using ClickOnce prompts, malicious LNK files, and image-disguised attachments, with GitHub and cloud storage used as command-and-control infrastructure. The activity matters because it combines developer-focused supply-chain abuse, credential and wallet theft, and cross-platform malware, including Android-related campaigns, into infection chains built around user-behavior manipulation.