Monthly Threat Actor Group Intelligence Report, November 2023 (ENG)

2024-01-23 NSHC

https://redalert.nshc.net/2024/01/23/monthly-threat-actor-group-intelligence-report-november-2023-eng/

NSHC's November 2023 ThreatRecon report identifies SectorA02, SectorA04, SectorA05, SectorA06, and SectorA07 as the DPRK-relevant activity clusters for the month. SectorA02 used LNK files disguised as North Korean international security and military documents to download additional malware through PowerShell and execute it in memory, while SectorA04 abused Apache ActiveMQ CVE-2023-46604 to distribute remote-control and backdoor malware in South Korea and Russia. SectorA05 used HTML security email lures and LNK files disguised as conference fee documents in South Korea, and SectorA06 targeted blockchain engineers on public Discord channels with macOS malware disguised as Python tools. SectorA07 used a National Tax Service tax certificate lure with LNK, VBS, and batch scripts to collect system information.
