NSHC's August 2023 monthly threat actor report says SectorA activity was the most frequently observed in its collection period, with operations seen across government, finance, and East Asia-focused targeting. The DPRK-relevant SectorA section describes four clusters: SectorA01 targeting JumpCloud in a supply chain attack, SectorA02 using malicious CHM files themed around insurance contract status, SectorA05 deploying Visual Basic Script droppers disguised as consent forms, and SectorA07 using LNK files disguised as cooperation notices. The report says these groups pursue Korean political and diplomatic intelligence while also conducting financially motivated hacking worldwide.