NSHC’s July 2022 ThreatRecon report summarizes activity from 31 threat actor groups observed between June 21 and July 20, with SectorJ, SectorA, and SectorE accounting for prominent portions of the activity. The SectorA section reports four groups: SectorA01 distributed ransomware against healthcare and medical-sector companies in Japan, the United Kingdom, the United States, South Korea, and Austria, while SectorA04 targeted small European companies with ransomware. SectorA05 targeted South Korean professors, journalists, and researchers in defense, diplomacy, security, and unification fields with spear-phishing emails, and SectorA07 used spear-phishing emails with compressed attachments across Russia, Malaysia, Poland, Czechia, and Israel. The source states SectorA groups pursue both long-running collection of high-value information related to Korean political, diplomatic, and government activity and financially motivated activity worldwide. Across the broader report, recurring TTPs include spear-phishing, malicious documents, compressed archives, phishing sites, Android malware, ransomware, Cobalt Strike, keylogging, screen capture, and credential or financial-data theft.