NSHC ThreatRecon’s June 2024 monthly intelligence highlights four SectorA groups with activity across South Korea and several other regions, using phishing and social engineering against political, diplomatic, military, and financially relevant targets. SectorA01 used compressed files disguised as hiring tests and source code review tests to lead targets into executing malicious scripts. SectorA02 used HWP malware disguised as eligibility verification forms in South Korea, where opening the document for editing activated OLE and attempted a connection to an attacker server. SectorA05 approached military personnel through trust-building conversations as supposed university contacts before sending survey-themed compressed-file links, while SectorA07 used LNK files disguised as scholarship applications to download and run AutoIt-based malware. The report frames these SectorA operations as part of continued efforts to collect intelligence on South Korean government activity while also pursuing financial resources globally.