Monthly Threat Actor Group Intelligence Report, November 2023 (KOR)

2024-01-04 NSHC

https://redalert.nshc.net/2024/01/04/monthly-threat-actor-group-intelligence-report-november-2023-kor/

NSHC ThreatRecon's November 2023 report lists five SectorA groups, its North Korea-linked cluster set, as active across South Korea, the United States, Russia, Israel, Mexico, Austria, China, and Japan. SectorA02 used LNK malware disguised as documents on North Korean security and military issues, then downloaded additional payloads through PowerShell for in-memory execution. SectorA04 exploited CVE-2023-46604 in Apache ActiveMQ to deploy remote-control and backdoor malware, while SectorA05 used secure-mail and honorarium-themed lures that led to PE malware with keylogging and information theft functions. SectorA06 targeted blockchain engineers with macOS malware delivered through public Discord channels, and SectorA07 used tax-certificate LNK lures that ran VBScript and batch files to collect system information.
