Monthly Threat Actor Group Intelligence Report, October 2023 (KOR)
2023-12-11 • NSHC
NSHC's October 2023 Korean ThreatRecon report covers 35 threat actor groups, but the DPRK-relevant portion is the SectorA activity set. It reports SectorA01 operations in Singapore, India, Poland, and the United Kingdom using recruiter impersonation on social platforms to deliver malware disguised as job-offer PDF files. SectorA02 used LNK malware disguised as a document about North Korea's Supreme People's Assembly results and downloaded additional malware through PowerShell for in-memory execution. SectorA05 used phishing pages impersonating a Korean portal login to collect credentials in South Korea, Israel, and Ireland, while SectorA07 used payroll-themed CHM malware in South Korea and the United States to download and run follow-on payloads.