Monthly Threat Actor Group Intelligence Report, January 2024 (ENG)
2024-03-26 • NSHC
NSHC ThreatRecon reported January 2024 activity from five SectorA groups, the DPRK-relevant cluster it tracks separately from other actor sets. SectorA01 used PE malware disguised as PuTTY against targets in countries including South Korea, the United States, Germany, India, Russia, and Brazil, while SectorA02 used an LNK lure themed as a unification strategy forum guide to run PowerShell and execute follow-on malware in memory. SectorA05 disguised a PE payload as a Foxit PDF Reader update, SectorA06 used Mach-O malware disguised as JPG files against macOS users in Colombia, and SectorA07 used a CHM lure tied to a patent-fee payment confirmation to run additional PowerShell-delivered malware. The report says SectorA operations continued to target South Korean political and diplomatic information while also pursuing activity worldwide to secure funds.