← All Threat Actors
Threat Actor Profile

Nickel Alley

No known aliases in database
▲ High Threat
Contagious Interview, Software Supply Chain Compromise (npm/GitHub)
Origin North Korea
Sponsor North Korean Government (DPRK)
Motivation Financial gain via cryptocurrency theft and strategic corporate espionage/supply chain compromise.

Target Sectors

Software Developers Technology Sector Professionals Financial Services Employees Freelance Workers (Upwork, Fiverr) Open Source Ecosystem (npm, GitHub)

Known TTPs

Social Engineering (Fake Job Recruitment)
ClickFix (Malicious command execution via fake error messages)
npm Package Typosquatting
Compromised npm/GitHub repositories
VS Code Auto-Run Task Abuse
Fake LinkedIn Company Pages
PyLangGhost RAT deployment
GolangGhost deployment
StoatWaffle malware delivery

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD