Monthly Threat Actor Group Intelligence Report, December 2024 (ENG)
2025-02-19 • NSHC
NSHC’s December 2024 report lists four SectorA groups active in DPRK-linked operations, with activity observed in South Korea and Russia and with targeting focused on South Korea. SectorA01 impersonated hiring managers on LinkedIn and offered fake job opportunities; its final malware communicated with C2 infrastructure to download payloads or leak sensitive data. SectorA02 used a Windows LNK lure named to look like Kim Kuk-sung lecture materials and attempted file theft through backdoor malware and cloud services such as pCloud and Yandex. SectorA05 targeted Naver account credentials through a fake login page, while SectorA07 used a CHM file disguised as a financial transaction confirmation document to run PowerShell and download additional batch-script malware.