A total of four hacking groups, SectorA01, SectorA02, SectorA04 and SectorA07 were found among SectorA hacking groups this August. Two parallel requirements of SectorA hacking groups are collecting high-quality information related to South Korean political and diplomatic activities and to obtain illegal monetary benefit by targeting anywhere in the world.

SectorA01 group activity was found in South Korea, the Philippines, Argentina, Pakistan, United States and Nepal. SectorA02 group activity has been found in South Korea and the United States. SectorA4 group, which had not been found for a while, was found in South Korea, and malware was discovered using a digital signature issued by a Korean security company. Sector07 group activity was found in South Korea, Indonesia, United States, Russian Federation and Germany.

The activities of the four SectorA-related hacking groups discovered in August common use Spear Phishing as an attack vector. However, SectorA01 uses Hangul files (HWP) as attachments in South Korea, and only other SectorA02, SectorA04, and SectorA07 groups use Microsoft Word files containing macro function as an attachment to its Spear Phishing emails.

The SectorA02 group produces mobile malware designed to run on Android smartphones and uses it for hacking activities.

The SectorA groups aim to seize high-level information related to South Korea’s political, diplomatic and North Korean relief organizations. Due to large-scale economic sanctions surrounding SectorA, their hacking groups carry out hacking activities to steal financial information in other countries, including South Korea. These operations take place in parallel. and SectorA groups are expected to continue hacking with the purpose.