NSHC’s 2022 SectorA activity summary reports seven North Korea-linked SectorA subgroups conducting both intelligence collection against South Korea-related political, diplomatic, government, research, and defector communities and financially motivated activity worldwide. The report says SectorA05 was the most active in 2022, followed by SectorA06 and SectorA01, with major target sectors including government, research, finance, broadcasting, and education and the heaviest geographic focus on South Korea, followed by the United States, United Kingdom, and Russia. Observed delivery tradecraft included malicious Word, Excel, HWP, CHM, LNK, and archive attachments; phishing pages impersonating popular services such as Naver and Google; and lures themed around North Korea issues, job offers, invoices, tax/legal documents, cryptocurrency, media outreach, and government communications. The summary also notes subgroup-specific activity such as SectorA01 ransomware and job-themed operations, SectorA05 spear-phishing against diplomacy, defense, media, and North Korea human-rights targets, and SectorA06/Lazarus-style LNK campaigns against financial and global targets.