Monthly Threat Actor Group Intelligence Report, December 2024 (KOR)
2025-02-06 • NSHC
NSHC’s December 2024 threat-actor roundup observed four SectorA clusters, with activity primarily found in South Korea and one cluster also seen in Russia. SectorA01 used LinkedIn-style recruitment lures to approach potential victims and deploy malware capable of contacting its C2 server, downloading additional payloads, and exfiltrating sensitive data. SectorA02 used a malicious Windows LNK file named to look like lecture materials, together with a backdoor that stole files and transferred them through cloud services such as pCloud and Yandex, while SectorA05 attempted to steal Naver email credentials through a fake login page. SectorA07 used a CHM file disguised as a financial transaction confirmation to run PowerShell commands that downloaded and executed an additional batch script. The SectorA section frames these operations as continued collection against South Korea-related political, diplomatic, and government activity, alongside financially motivated operations.