Monthly Threat Actor Group Intelligence Report, March 2025
2025-06-19 • NSHC
NSHC's March 2025 SectorA section reports five North Korea-relevant clusters active across South Korea, Taiwan, the Netherlands, Israel, Norway, India, Hong Kong, the United Kingdom, and the United States. SectorA01 is described as stealing $1.5 billion in Ethereum and MegaETH from Bybit through social engineering, spear phishing, credential theft, smart-contract abuse, and laundering via decentralized exchanges. Other SectorA activity included Hangul documents with OLE objects that registered scheduled tasks to fetch batch files and malware, malicious LNK files disguised as cybercrime reporting-system material, and macOS Rust-based backdoor and stealer variants targeting cryptocurrency workers. The report frames the activity as serving both intelligence collection against South Korean political and diplomatic interests and global financial-resource acquisition.