Monthly Threat Actor Group Intelligence Report, July 2025
Contents
Monthly Threat Actor Group Intelligence Report, July 2025
This is a summary of the activities of hacking groups (Threat Actor Groups) analyzed based on data and information collected by the NSHC Threat Research Lab from June 21, 2025, to July 20, 2025.
In July, activities of a total of 71 hacking groups were identified, with unidentified groups making up the largest portion at 59%, followed by the activities of SectorJ and SectorA groups.
The hacking activities of hacking groups discovered this July primarily targeted officials or systems in government agencies and the financial sector, with the most attacks being carried out against countries located in North America and Europe.
SectorA group has been actively conducting infiltration activities into the software supply chain, focusing on the developer ecosystem. By using typo-squatting techniques that mimic legitimate package names, they distribute a malicious loader through the open-source package manager (npm). This serves as a basis for staged …
This is a summary of the activities of hacking groups (Threat Actor Groups) analyzed based on data and information collected by the NSHC Threat Research Lab from June 21, 2025, to July 20, 2025.
In July, activities of a total of 71 hacking groups were identified, with unidentified groups making up the largest portion at 59%, followed by the activities of SectorJ and SectorA groups.
The hacking activities of hacking groups discovered this July primarily targeted officials or systems in government agencies and the financial sector, with the most attacks being carried out against countries located in North America and Europe.
SectorA group has been actively conducting infiltration activities into the software supply chain, focusing on the developer ecosystem. By using typo-squatting techniques that mimic legitimate package names, they distribute a malicious loader through the open-source package manager (npm). This serves as a basis for staged …