The group is known for an elaborate use of false flags in order to trick the security community about who is behind an attack.
This APT group is behind the infamous Olympic Destroyer attack, which took down the Olympic infrastructure a few days after the opening ceremony of the 2018 Winter Olympics in Pyeonchang, South Korea. They then shifted their attention to financial organizations in Russia and biological and chemical threat prevention laboratories in Europe and Ukraine. Their attacks typically start with a reconnaissance stage followed by a cyber-sabotage stage. They are perhaps most well-known for their elaborate use of false flags, which initially tricked the cyber community into believing the attack against the Olympics was carried out by Lazarus.