NSHC’s September 2021 monthly threat-actor roundup reports four SectorA groups active between August 21 and September 20, with operations observed in the United States, Turkey, Taiwan, the United Kingdom, Japan, South Korea, and other locations. The SectorA activity included LNK malware disguised as investment-bank or securities-company documents, social-network reconnaissance and lure malware against news and media workers, watering-hole attacks on public-sector websites, and template-injection Word documents targeting think-tank personnel. The report assesses these groups as continuing long-running collection against South Korea-related political, diplomatic, and government interests while also conducting worldwide financially motivated hacking. Because the broader report covers many non-DPRK actor clusters, the relevant finding is the SectorA tradecraft, targeting, and collection/financial motivation rather than unrelated SectorB–S sections.