NSHC summarizes 2020 activity by SectorA subgroups, describing DPRK-linked operations focused on political and diplomatic intelligence collection and financially motivated intrusions. The report says SectorA groups used spear-phishing emails, malicious HWP and Microsoft Office documents, EPS/PostScript content, macros, LNK files and PE payloads against government, public-sector, North Korean human-rights, cryptocurrency, banking, defense, aviation, healthcare and research targets. SectorA05 was the most active subgroup, followed by SectorA01 and SectorA07, with campaigns observed across Korea, the United States, Japan, Europe and parts of Asia. The source highlights lures tied to COVID-19, U.S. political issues, defense contracts, recruitment, cryptocurrency exchanges and Korean public documents, showing broad social-engineering adaptation through the year.