NSHC ThreatRecon reports that SectorA groups, especially SectorA05, sharply increased phishing activity in 2022, with South Korea accounting for nearly all observed targeting. The activity focused on research centers, government workers, education, NGOs, media, finance, and people connected to North Korea policy, using email, messengers, social media, and portal-account phishing to steal credentials. The excerpt highlights lures aimed at researchers and North Korea-related personnel, including emails that linked victims to phishing pages rather than delivering real attachments. The DPRK-relevant value is the victimology and method: SectorA05 used low-complexity credential theft to support intelligence collection against South Korean policy, diplomatic, military, and research targets, and also pursued investor accounts for financially motivated access.