NICKEL ALLEY is a North Korean threat group that targets technology professionals through fake job opportunities, employing social engineering tactics such as creating fraudulent LinkedIn pages and GitHub repositories for malware delivery. They utilize the ClickFix tactic to deploy the PyLangGhost RAT, which supports file exfiltration and system profiling, particularly focusing on Chrome cryptocurrency wallet data. The group has also leveraged Visual Studio Code tasks to execute commands for malware retrieval based on the victim's operating system. Their operations indicate a dual focus on cryptocurrency theft and potential supply chain compromise or corporate espionage.
There are currently no families associated with this actor.
| 2026-03-23 ⋅ Sophos ⋅ NICKEL ALLEY strategy: Fake it ‘til you make it | PylangGhost, GolangGhost, Nickel Alley |