NSHC’s November 2022 threat-actor report identified SectorA activity as the most prominent cluster in its collection period, with five SectorA groups observed. The DPRK-relevant section says SectorA02 targeted South Korean media workers and North Korea-policy personnel with malicious Word documents themed around the Itaewon tragedy, RIES issue reports, and the Northern Limit Line. Other SectorA groups used exploited security-software vulnerabilities, LNK password-file lures, and CHM files to collect host or user information and support follow-on compromise. The report frames SectorA operations as long-running efforts to collect intelligence on South Korean political and diplomatic activity while also pursuing financial resources globally.