Monthly Threat Actor Group Intelligence Report, October 2024 (ENG)
2025-01-17 • NSHC
NSHC's October 2024 report says SectorA activity was the most prominent among 31 tracked threat-actor groups and lists four North Korea-linked SectorA clusters active across the United States, South Korea, Japan, Brazil, Egypt, and other regions. SectorA01 used a GitHub project named nft_marketplace-main as a fake NFT marketplace to lure developers and install a backdoor for long-term data collection and command execution. SectorA02 used a phishing email with NGO Income_edit.zip and PowerShell malware for file theft, registry changes, and scheduled tasks, while SectorA05 used a cryptocurrency-themed LNK file and the Dropbox API for fileless malware execution. SectorA07 used an LNK lure about project information requests to run Visual Basic and batch scripts, collect host data, and fetch additional malware.
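As an added defender-side example that is not NSHC's code or data, the following Python triages constructed process-creation events for the execution chain the report describes across the SectorA clusters: a script interpreter launched from the user shell (as an LNK target would be) that runs with hidden or bypass flags, or whose process subtree registers a scheduled task or a Run key. The event schema, image names and command lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events (assumed schema, not from the report): pid, ppid, image, command line.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "powershell.exe",
     "cmd": "powershell.exe -w hidden -ep bypass -c IEX(...)"},
    {"pid": 300, "ppid": 200, "image": "schtasks.exe",
     "cmd": 'schtasks.exe /create /sc minute /mo 30 /tn Updater /tr "%APPDATA%\\u.vbs"'},
    {"pid": 400, "ppid": 100, "image": "powershell.exe",  # benign: plain script run
     "cmd": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"pid": 500, "ppid": 100, "image": "cmd.exe", "cmd": "cmd.exe /c wscript.exe a.vbs"},
    {"pid": 600, "ppid": 500, "image": "reg.exe",
     "cmd": "reg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v x /d c:\\x.bat"},
]

INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
USER_SHELLS = {"explorer.exe"}  # an LNK double-click launches its target from the user shell
PERSIST = [  # persistence commands, matched case-insensitively against command lines
    (r"schtasks(\.exe)?\s+/create", "scheduled task created"),
    (r"reg(\.exe)?\s+add\s+.*\\CurrentVersion\\Run", "Run key modified"),
    (r"Register-ScheduledTask|New-ScheduledTask", "scheduled task via PowerShell"),
    (r"(New|Set)-ItemProperty.*CurrentVersion\\Run", "Run key via PowerShell"),
]
HIDDEN = re.compile(r"-w(indowstyle)?\s+hidden|-e(p|xecutionpolicy)?\s+bypass|-enc(odedcommand)?\b", re.I)

def find_chains(events):
    """One finding per user-shell-spawned interpreter with hidden/bypass flags or persistence in its subtree."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if e["image"].lower() not in INTERPRETERS or not parent \
                or parent["image"].lower() not in USER_SHELLS:
            continue
        reasons = ["hidden/bypass/encoded flags"] if HIDDEN.search(e["cmd"]) else []
        stack = [e]  # walk the interpreter and every descendant (cmd -> wscript -> reg chains)
        while stack:
            c = stack.pop(0)
            reasons += [f"{label} by pid {c['pid']}" for pat, label in PERSIST
                        if re.search(pat, c["cmd"], re.I)]
            stack.extend(children[c["pid"]])
        if reasons:
            findings.append({"pid": e["pid"], "image": e["image"], "reasons": reasons})
    return findings
```

Real process-creation telemetry such as Sysmon Event ID 1 carries the same parent, image and command-line fields the example keys on.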