Monthly Threat Actor Group Intelligence Report, March 2024 (ENG)
2024-05-31 • NSHC
https://redalert.nshc.net/2024/05/31/monthly-threat-actor-group-intelligence-report-march-2024-eng/
NSHC ThreatRecon's March 2024 report lists SectorA01, SectorA02, SectorA05, and SectorA07 activity across South Korea, Taiwan, the United States, China, Russia, and other locations. SectorA01 pushed malicious Python packages through PyPI for information gathering and remote control, while SectorA02 used phishing emails impersonating the North Korean Human Rights Information Center and LNK malware that relied on Yandex and pCloud. SectorA05 delivered LNK lures such as lecture request forms and used the Dropbox API to fetch additional malware and open-source remote control tools. SectorA07 used a virtual currency exchange persona and an LNK consent-form lure with VBS and batch malware. NSHC says these SectorA operations support collection on South Korean political and diplomatic activity while also pursuing financial resources worldwide.