Monthly Threat Actor Group Intelligence Report, May 2024 (ENG)
2024-07-12 • NSHC
https://redalert.nshc.net/2024/07/12/monthly-threat-actor-group-intelligence-report-may-2024-eng/
NSHC's May 2024 ThreatRecon report identified five SectorA groups active across South Korea, the United States, Japan, Europe, and other regions, with targeting that included government, IT, manufacturing, construction, education, and cryptocurrency-adjacent job seekers. SectorA01 used LinkedIn-style hiring manager personas and recruitment or source code review tests to deliver malicious scripts that collected keystrokes and system information. SectorA02 and SectorA07 used Windows shortcut lures in South Korea, while SectorA04 delivered OpenVPN Client-themed malware and SectorA05 used Naver-themed phishing plus Xeno RAT from a web server. NSHC assessed the SectorA activity as supporting collection against South Korean political and diplomatic targets while also pursuing financial resources.