NSHC's 2023 SectorA review describes North Korea state backed groups conducting both intelligence collection tied to Korean political and diplomatic issues and financially motivated intrusions worldwide. SectorA05 was the most active subgroup, followed by SectorA02 and SectorA01, with financial institutions, research organizations, and government bodies among the most frequent targets. The report says spear phishing links were the most common initial access path, CVE-2023-29059 in 3CX DesktopApp was the most used vulnerability, and OneDrive was abused as C2-like infrastructure to download and run additional malware while blending into normal cloud traffic.