NSHC’s 2023 SectorA review says the North Korea linked cluster was most active through SectorA05, SectorA02, and SectorA01, with the heaviest targeting against financial industry workers and systems, followed by research and government institutions. South Korea was the most frequently targeted country, with activity also affecting the United States, India, Japan, and the United Kingdom. Spear phishing links were the leading initial access route, CVE-2023-29059 in the 3CX Desktop App was the top exploited vulnerability, and OneDrive was the most used cloud tool for C2 delivery of additional malware.