Monthly Threat Actor Group Intelligence Report, April 2023 (KOR)

2023-06-08 NSHC

https://redalert.nshc.net/2023/06/08/monthly-threat-actor-group-intelligence-report-april-2023-kor/


NSHC’s April 2023 ThreatRecon report says SectorA remained the most active cluster set and documents five SectorA subgroups operating across South Korea, Ukraine, Europe, North America, and Asia. SectorA01 conducted a supply-chain attack against a VoIP provider to distribute Windows and Mac malware that collected system and browser data, while SectorA02 used ISO-packed LNK malware themed around North Korean diplomacy and sent collected system data to cloud services such as pCloud and Yandex. SectorA05 targeted South Korean diplomacy and security personnel with spear-phishing emails and malicious Word documents, SectorA06 used cryptocurrency-themed OneNote files that launched MSI/DLL payloads, and SectorA07 used tax-office-themed ZIP/LNK malware to collect process, file, installation, and network information. The report characterizes SectorA as pursuing South Korea-related political and diplomatic intelligence while also conducting financially motivated activity worldwide.
