Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. A disgruntled affiliate posted the IP addresses of the gang's C2 servers to a hacking forum, along with a 113 MB archive containing training material for conducting ransomware attacks. Security software products have become more adept at detecting Cobalt Strike beacons, which the attackers can use to execute commands remotely and gain continued access to a network. The gang is using legitimate Atera remote access software as a backdoor for continued persistence.

