NICKEL JUNIPER

NICKEL JUNIPER is a targeted threat group that CTU researchers assess with moderate confidence conducts espionage on behalf of the North Korean government. The group has targeted South Korea and Russia, with a focus on government entities and the cryptotcurrency industry. NICKEL JUNIPER typically uses phishing as an initial infection vector and has displayed financial and intelligence gathering motivations. The group has leveraged the WinRAR vulnerability (CVE-2023-38831) and also has displayed a preference for scripting languages such as VBScript and Windows Batch for intermediary infection stages. The group has displayed overlaps with NICKEL FOXCROFT and NICKEL KIMBALL.