NSHC’s 2019 SectorA overview tracks North Korea-linked subgroups, with SectorA01, SectorA02 and SectorA05 the most active in the excerpted period. SectorA01 focused on financially motivated intrusions against banks, ATMs, cryptocurrency exchanges and targets across Africa, Southeast Asia, South America and Central Asia, while SectorA02 and SectorA05 pursued South Korean government, political and foreign-policy information. The report highlights spear-phishing with malicious HWP, Word and Excel documents, selective use of voice-record lures, malicious scripts and a WinRAR vulnerability, and notes that SectorA targeting expanded from East Asia and North America into the Middle East, Eastern Europe and Southeast Asia.