Monthly Threat Actor Group Intelligence Report, February 2025 (ENG)
2025-04-16 • NSHC
NSHC’s February 2025 intelligence report identified multiple SectorA activity clusters using recruiter impersonation, phishing, malicious documents, and shortcut-file malware in campaigns spanning South Korea, Japan, the United States, Europe, and other regions. SectorA01 posed as recruiters on LinkedIn, Telegram, and Discord and tricked targets into copying and executing commands that led to backdoor malware. SectorA02 used malicious Hangul documents with North Korea-related content against South Korea and Japan, then stole files on the attacker’s command and transferred them through cloud services such as pCloud and Yandex. SectorA07 used Windows shortcut files disguised as national tax collection support-document requests, leading to Visual Basic Script and batch-script malware that collected information and downloaded additional payloads. The report frames SectorA activity as a long-running effort to collect intelligence on South Korean political and diplomatic activity while also pursuing financial resources globally.