.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
North Korea
NICKEL JUNIPER
Summary
NICKEL JUNIPER is a targeted threat group that CTU researchers assess with moderate confidence conducts espionage on behalf of the North Korean government. The group has targeted South Korea and Russia, with a focus on government entities and the cryptocurrency industry. NICKEL JUNIPER typically uses phishing as an initial infection vector and has displayed financial and intelligence gathering motivations. The group has leveraged the WinRAR vulnerability (CVE-2023-38831) and also has displayed a preference for scripting languages such as VBScript and Windows Batch for intermediary infection stages. The group has displayed overlaps with NICKEL FOXCROFT and NICKEL KIMBALL.
Contact us
Contact us directly whether your organization needs immediate assistance or
you want to discuss your incident readiness, response, and testing needs.