Monthly Threat Actor Group Intelligence Report, May 2025
2025-06-30 • NSHC
NSHC’s May 2025 threat-actor roundup notes SectorA activity against macOS and Windows systems, with a particular focus on cryptocurrency targets. The SectorA section describes fake recruitment lures using LinkedIn, GitHub, and interview sites to deliver malware including BeaverTail and InvisibleFerret, alongside RoKRAT-family fileless intrusions using cloud-based C2. The activity spans Bash scripts, Windows LNK files, and PowerShell scripts, with the goal of credential theft, reconnaissance, and backdoor installation. For DPRK-focused tracking, the relevant value is the combination of crypto-sector targeting, developer/recruitment tradecraft, and cross-platform malware families seen in financially motivated intrusion chains.