NICKEL JUNIPER

2024-11-21 Secure Works

https://www.sophos.com/en-us/threat-profiles/nickel-juniper

Sophos profiles NICKEL JUNIPER as a North Korea-linked espionage group, also associated with Konni, Opal Sleet, and OSMIUM. The group targets South Korea and Russia, especially government entities and the cryptocurrency industry, with both intelligence-gathering and financial motivations. The profile identifies phishing as the typical initial infection vector and notes use of the WinRAR vulnerability CVE-2023-38831. It also highlights the group's preference for scripting languages such as VBScript and Windows Batch during intermediary infection stages, with observed overlaps with NICKEL FOXCROFT and NICKEL KIMBALL.
