NSHC's December 2024 threat actor report observed 65 total group activities, with SectorJ accounting for 49% and SectorA and SectorE following. SectorA activity included recruitment-themed social engineering, a Korean LNK lure named for Kim Guk-seon's lecture materials, Naver credential phishing, and CHM malware that used PowerShell to download and run batch scripts. The report assesses SectorA as pursuing intelligence related to Korean political, diplomatic, and government activity while also conducting financially motivated operations globally.