Monthly Threat Actor Group Intelligence Report, November 2024 (ENG)

2025-02-07 NSHC

https://redalert.nshc.net/2025/02/07/monthly-threat-actor-group-intelligence-report-november-2024-eng/

NSHC reports five SectorA clusters active in November 2024, with targeting across South Korea, the United States, the United Kingdom, Russia, Japan, and other regions. SectorA01 abused remote hiring processes and fake identities to obtain jobs and steal sensitive data, while SectorA02 used a North Korea policy-themed LNK lure to deploy a backdoor that exfiltrated files through pCloud and Yandex. SectorA03 used a VHDX disguised as a Chinese embassy invitation to steal files, take screenshots, and run additional malware, and SectorA04 showed stolen-credential access, token manipulation, and possible collaboration with Play ransomware actors. SectorA06 targeted cryptocurrency and sensitive information on macOS by modifying ~/.zshenv for persistence.
