NSHC's September 2023 ThreatRecon report says SectorA activity accounted for the largest share of observed threat group operations in the period, with five SectorA clusters seen across South Korea, the United States, China, Romania, Poland, Malaysia, the Netherlands, Qatar, and Hong Kong. The SectorA cases used CHM malware themed around finance, malware masquerading as Microsoft Internet Explorer, LNK files disguised as abduction news, invitations, and tax documents, plus Visual Basic Script and batch files for system information collection. The report assesses SectorA activity as a mix of intelligence collection tied to Korean political and diplomatic issues and financially motivated operations worldwide.