Monthly Threat Actor Group Intelligence Report, May 2023 (ENG)

2023-07-12 NSHC

https://redalert.nshc.net/2023/07/12/monthly-threat-actor-group-intelligence-report-may-2023-eng/

NSHC’s May 2023 ThreatRecon report identified five North Korean government-supported SectorA groups active during the collection window. SectorA01 targeted vulnerable Windows IIS servers in the United States with downloader malware, while SectorA02 used ZIP archives containing LNK malware disguised with themes such as Korean Public Administration Society seminars and the North Korean economic crisis against targets in South Korea, Australia, Hong Kong, the United States, and India. SectorA04 disguised malware as Microsoft Defender, SectorA05 used CHM purchase-invoice lures to download HTA malware, and SectorA06 targeted macOS users worldwide by impersonating a venture capital company and distributing a PDF-viewer-themed Rust payload that collected system data and contacted C2. The DPRK-linked activity combined intelligence collection against political and diplomatic targets with financially motivated operations, according to the source.
