Lawrence Abrams points us to some interesting findings by Advanced Intel, who pored through the Conti manuals and materials recently dumped by a disgruntled affiliate.
An interesting tactic used by the ransomware gang is using the legitimate Atera remote access software as a backdoor for continued persistence.
When conducting an attack, ransomware operations commonly deploy Cobalt Strike beacons that the attackers can use to execute commands remotely and gain continued access to a network.
However, security software products have become more adept at detecting Cobalt Strike beacons, leading to a loss of access for the threat actors.
Abrams also talks about another finding by Advanced Intel: that searching for cyberinsurance information may be an indicator of exfiltration.
Read more on BleepingComputer