NSHC's February 2025 threat actor intelligence report summarizes activity from multiple tracked groups, including SectorA clusters associated with North Korean operations. The report describes recruitment-themed social engineering on LinkedIn, Telegram, and Discord that leads victims to execute attacker-provided commands and install backdoor malware, HWP document lures that exfiltrate files through cloud services such as pCloud and Yandex, phishing pages impersonating tax and portal services, and malicious LNK files tied to tax-collection themes. It assesses that these groups continue both strategic intelligence collection against Korea-related government and diplomatic targets and financially motivated operations worldwide.