Monthly Threat Actor Group Intelligence Report, June 2025

2025-07-18 NSHC

https://medium.com/@nshcthreatrecon/monthly-threat-actor-group-intelligence-report-june-2025-3491df82965b

NSHC observed SectorA activity against development environments and high-risk social sectors during the May 21 to June 20, 2025 collection period. The group used GitHub, Supabase, ethers.js, NPM, fake NFT projects, and freelance-proposal lures to pursue supply-chain access and steal cryptocurrency private keys, credentials, API tokens, and GitHub authentication data. The excerpt also describes phishing against journalists, professors, civil-society activists, academia, social-movement organizations, and military institutions, with PowerShell, LNK, AppleScript, AppleSeed, KimJongRAT, macOS malware, and legitimate services such as AnyDesk, Zoom, Dropbox, Google Drive, and cloud infrastructure used for delivery or C2. The activity matters because it shows a broad DPRK-relevant pattern of developer-focused financial theft, social-engineering intrusions, multi-platform payloads, and abuse of trusted cloud and collaboration services.
