NSHC's June 2024 threat actor report includes four SectorA clusters active across Australia, Argentina, Turkey, Israel, the Philippines, France, the United States, South Korea, Germany, China, and other countries. SectorA01 used recruiter and hiring-test themes to push compressed files containing malicious scripts, while SectorA02 used HWP malware disguised as an eligibility confirmation form that triggered OLE-based contact with an attacker server. SectorA05 built trust with military-related targets through direct communication and delivered survey-themed archives that executed Windows PE malware. SectorA07 used scholarship-application LNK files to download and run AutoIt malware, with NSHC assessing the broader SectorA activity as a mix of intelligence collection and financially motivated operations.