Monthly Threat Actor Group Intelligence Report, September 2025
2025-10-24 • NSHC
NSHC’s September 2025 threat actor intelligence notes SectorA activity centered on social engineering and malware against cryptocurrency, retail, national intelligence, and academic targets. The DPRK-relevant section describes BeaverTail and InvisibleFerret delivery through fake recruitment websites, a shift toward ClickFix-style execution of compiled payloads, and rapid infrastructure replacement to keep victims engaged. It also cites malicious software disguised as Nvidia updates on Windows and macOS, Chrome zero-day spyware cases involving PondRAT and ThemeForestRAT, and LNK-to-PowerShell phishing that used cloud services for command-and-control. The activity matters because it combines credential and data theft, remote access, deception, infrastructure agility, and AI-assisted spear phishing in campaigns aimed at high-value users and institutions.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | cc-analytics.com | 2025-10-24 | 2025-10-24 |