NSHC's October 2023 ThreatRecon report says SectorA activity included four North Korea-linked clusters: SectorA01, SectorA02, SectorA05, and SectorA07. SectorA01 used recruiter impersonation on social platforms to lure targets into running malware disguised as a hiring-related PDF, while SectorA02 used a North Korean Supreme People's Assembly themed LNK file to download and execute additional malware through PowerShell. SectorA05 ran phishing pages that mimicked a Korean portal login, and SectorA07 used CHM malware disguised as a payslip before pulling additional payloads through PowerShell. The report frames SectorA activity as focused on intelligence collection related to South Korean political and diplomatic affairs while also supporting financially motivated operations worldwide.