NSHC's July 2024 threat-actor report identifies four SectorA groups in North Korea-linked activity. SectorA01 posed as hiring managers and used compressed files named as hiring tests or source-code review tests to induce malicious script execution across targets in countries including France, Pakistan, Taiwan, the United States, India, South Korea, and Vietnam. SectorA04 targeted South Korean corporate central-management solutions to spread malware through file-distribution functions after exploiting vulnerabilities. SectorA05 used lecture-request LNK lures with Dropbox API based fileless delivery, while SectorA07 used a VAT revision notice LNK in South Korea that launched VBS and batch scripts for information collection and additional malware download.