NSHC's February 2024 ThreatRecon report identifies two SectorA clusters, SectorA01 and SectorA05, in a broader monthly review of 26 threat actor groups. SectorA01 activity was observed in Vietnam, Germany, and the United States using PE malware disguised as the UltraVNC remote management tool. SectorA05 activity was observed in Hungary, South Korea, Singapore, Pakistan, and Germany using LNK malware disguised as trading lecture material and relying on the Dropbox API. NSHC says the final PE payload for SectorA05 supported DDoS, keylogging, and remote control functions, while SectorA operations continued to target South Korean political, diplomatic, and government information and financial resources worldwide.