Monthly Threat Actor Group Intelligence Report, January 2025 (JPN)

2025-03-17 NSHC

https://redalert.nshc.net/2025/03/17/monthly-threat-actor-group-intelligence-report-january-2025-jpn/


NSHC’s January 2025 intelligence report recorded four SectorA clusters, with activity observed in Brazil, the United States, Russia, Poland, the Netherlands, France, South Korea, the United Kingdom, and Japan. SectorA01 impersonated recruiters on LinkedIn, Telegram, and Discord, conducted video-interview lures, and induced targets to copy and run commands that installed malware with backdoor capability. SectorA04 targeted asset-management and data-loss-prevention solutions, took control of management servers, and used malware for backdoor access and keylogging. SectorA05 used defense-industry spear-phishing emails with malicious HWP attachments abusing OLE objects, then registered scheduled tasks to download and run batch files that delivered malware as needed. SectorA07 used LNK files disguised as national-tax invoice material, leading to Visual Basic Script and batch malware for information collection and additional payload download.
