MONTHLY THREAT ACTOR GROUP INTELLIGENCE REPORT, DECEMBER 2022 (KOR)
2023-02-06 • NSHC
NSHC’s December 2022 monthly report identifies SectorA02, SectorA05, SectorA06, and SectorA07 as the most relevant clusters for Korea-focused tracking, with activity observed in South Korea, Switzerland, France, Poland, and the United States. SectorA02 and SectorA07 used template-injection Word documents to fetch RTF, OLE, or CAB components from C2 servers, while SectorA05 conducted credential phishing against broadcasting, telecommunications, and university targets. SectorA06 used CHM files themed around cryptocurrency-exchange projects and jobs; these invoked msiexec to download and run MSI payloads, collect host information, and take control of infected systems. The report assesses SectorA operations as long-running campaigns aimed at political, diplomatic, and government-related intelligence and at financial gain.