Monthly Threat Actor Group Intelligence Report, October 2024 (KOR)
2024-12-09 • NSHC
NSHC’s October 2024 threat actor roundup says SectorA activity accounted for the largest share of observed operations, with SectorA01, SectorA02, SectorA05, and SectorA07 activity seen across multiple countries. SectorA01 used a malicious GitHub project named nft_marketplace-main to lure developers with a fake NFT marketplace project, install a backdoor, communicate with attacker infrastructure, run additional commands, and exfiltrate collected data. SectorA02 used phishing emails with an NGO Income_edit.zip attachment, leading to PowerShell malware that could steal files, modify the registry, and create scheduled tasks. SectorA05 used cryptocurrency-themed book lures delivered as LNK files and Dropbox API-based fileless execution, while SectorA07 used project-information request LNK lures that ran Visual Basic Script and batch code for collection and follow-on malware download. NSHC assesses SectorA groups as continuing intelligence collection tied to Korean political, diplomatic, and government-related targets while also pursuing financially motivated activity worldwide.