2023 Activities Summary of SectorA groups (JPN)

2024-07-29 NSHC

https://redalert.nshc.net/2024/07/29/2023-activities-summary-of-sectora-groups-jpn/


NSHC's 2023 SectorA activity summary says seven SectorA subgroups ran both South Korea-focused intelligence collection and financially motivated operations worldwide. SectorA05 was the most active subgroup, followed by SectorA02 and SectorA01, with financial institutions, research organizations, and government agencies among the most frequent targets. Spear-phishing links were the most common initial access method, used to harvest credentials or persuade targets to execute malware. The excerpt also highlights exploitation of CVE-2023-29059 in 3CX DesktopApp and abuse of OneDrive as command-and-control-like infrastructure for downloading and running additional malware.
