NSHC’s September 2022 Threat Actor Group Intelligence Report summarizes activity from late August to late September, with SectorA groups prominent among observed operations. The report notes that SectorA01 targeted news and media personnel through spear phishing and messenger-delivered malware with C2 functions for system collection, RDP connection, and file transfer. SectorA05 targeted government, defense, media, and think-tank personnel using portal large-file services to deliver malicious HWP and Word documents that used OLE objects to download and execute additional malware. SectorA06 targeted investment and finance personnel with spear-phishing emails containing malware download links, while SectorA07 targeted Russian embassy personnel with malicious macro-enabled PPT files.