NSHC's September 2024 activity roundup identified six SectorA groups, the report's North Korea-linked cluster set, operating across East Asia, North America, Europe, the Middle East, and other regions. SectorA01 and SectorA04 used recruiter-themed lures, including hiring tests, source-code review tests, encrypted PDFs, and malicious PDF readers, while SectorA05 delivered LNK malware disguised as a security-policy proposal and used the Dropbox API for fileless follow-on execution. SectorA06 targeted macOS users with Mach-O malware disguised as Discord, and SectorA07 used portal customer-service spear phishing about account deactivation. NSHC assessed the SectorA activity as continuing intelligence collection against South Korean political and diplomatic activity while also supporting financial-resource collection.