NSHC's May 2024 monthly threat-actor report says 25 tracked groups were active between April 21 and May 20, with SectorA activity ranking highest at 32 percent. The SectorA section records activity by SectorA01, SectorA02, SectorA04, SectorA05, and SectorA07 across South Korea and multiple other countries, with targets including government, IT, political, diplomatic, and financially relevant victims. Reported tradecraft includes LinkedIn recruiter impersonation against software developers and IT engineers, malicious code-review or hiring-test scripts, LNK lures such as visitor lists and explanation-material lists, OpenVPN-themed archive files, Naver credential phishing, Xeno RAT distribution, and AutoIt-based malware. NSHC assesses that continuing SectorA operations combine strategic intelligence collection with financially motivated activity.