Monthly Threat Actor Group Intelligence Report, September 2023 (KOR)

2023-11-08 NSHC

https://redalert.nshc.net/2023/11/08/monthly-threat-actor-group-intelligence-report-september-2023-kor/

NSHC's September 2023 ThreatRecon report records SectorA as the most active tracked cluster family, with five SectorA groups observed across Korea, the United States, China, Romania, Poland, Malaysia, the Netherlands, Qatar, and Hong Kong. SectorA02 used finance-themed CHM malware to launch PowerShell downloads, while SectorA05 and SectorA06 used LNK lures tied to kidnapping news and invitations. SectorA07 used tax filing LNKs that ran Visual Basic Script and batch files to collect system data, and SectorA04 targeted education and manufacturing with malware disguised as Internet Explorer. NSHC assesses ongoing SectorA activity as focused on collecting political and diplomatic intelligence related to Korea while also conducting financially motivated operations.
