NSHC ThreatRecon’s May 2022 monthly report observed 36 threat actor groups, with SectorA activity accounting for the largest share of observed operations. The SectorA section describes five groups active across Romania, Japan, the Netherlands, Spain, South Korea, Turkey, the United States, and other locations, targeting energy and military engineering firms, journalists, North Korea-related personnel, and political or diplomatic figures. Reported techniques included Log4Shell exploitation, spear-phishing emails, CHM help files, malicious attachments disguised as incident reports or cryptocurrency investment information, and distribution of multiple malware file types. The report assesses that ongoing SectorA activity is intended to collect high-value information related to South Korean political, diplomatic, and government activity while also pursuing financially motivated operations worldwide.