Monthly Threat Actor Group Intelligence Report, September 2025
This is a summary of the activities of hacking groups (Threat Actor Groups) analyzed based on data and information collected by the NSHC Threat Research Lab from August 21, 2025, to September 20, 2025.
In September, the activities of a total of 92 hacking groups were identified. Unidentified groups made up the largest portion at 55%, followed by the SectorJ and SectorA groups.
Analysis of the SectorA group's hacking activities suggests that its attacks primarily combine social engineering techniques with sophisticated malware. Malware such as BeaverTail and InvisibleFerret targets marketing and trading personnel in the cryptocurrency and retail sectors and is distributed through fake recruitment websites. The attackers appear to have shifted from script-based distribution to executable file distribution, using the ClickFix technique to lure victims into directly executing compiled executables. Internal coordination is observed to use Slack, and activities …