Monthly Threat Actor Group Intelligence Report, July 2023 (KOR)
2023-09-19 • NSHC
https://redalert.nshc.net/2023/09/19/monthly-threat-actor-group-intelligence-report-july-2023-kor/
NSHC's July 2023 ThreatRecon report describes SectorA activity across five clusters, with operations observed in Korea, China, Japan, Australia, the United States, Singapore, Vietnam, India, and several European countries. SectorA01 used malware disguised as VNC software, SectorA02 delivered CHM malware themed around insurance payment transfers, and SectorA05 used a divorce confirmation Word lure that downloaded a VBS payload. SectorA06 targeted a Japanese cryptocurrency exchange with Mach-O malware that collected system information and could run Python scripts or shell commands. SectorA07 distributed ZIP files containing taxpayer-themed LNK malware that staged Visual Basic and batch scripts for system information collection.