SectorA05 PDF Malware disguised as a Northeast Asia Economic Association Executive Course

2021-08-11 NSHC

https://redalert.nshc.net/2021/08/11/sectora05-pdf-malware-disguised-as-a-northeast-asia-economic-association-executive-course/?utm_source=pocket_mylist

NSHC describes SectorA05 activity using spear-phishing emails with malicious PDF attachments that exploit CVE-2020-9715 in Adobe Acrobat Reader to target specific organizations in South Korea. The lure content impersonated a Northeast Asia Economic Association executive course, and the resulting malware was designed to collect information from infected systems. NSHC says the payloads share code characteristics with malware used by the same group in 2018, while C2-related code and infrastructure have been in use since 2020. The report assesses that Bulgarian-hosted infrastructure and updated older malware source code were used to support ongoing intelligence collection against Korean targets.
