NSHC’s July 2021 threat actor report describes SectorA activity relevant to DPRK-focused tracking, including SectorA01 operations seen in the United States, Russia, Taiwan, Sweden, and China using LNK malware disguised as aircraft, blockchain, and developer-guide documents. SectorA02 targeted South Korean unification-related personnel with spear-phishing emails impersonating a public-institution researcher and malicious links intended to collect victim information. SectorA05 targeted South Korean defense, diplomatic-security, and university personnel with malicious Word macros and template injection, using a domestic blog service as C2 to retrieve payloads; the report assesses SectorA groups as pursuing Korean political and diplomatic intelligence while also conducting financially motivated global hacking.