[fckgw]

> The standout red flag was that the unique machine name used by the individual was the same as one that we had tracked in several incidents prior to them installing the agent.

The machine was already known to the company as belonging to a threat actor from previous activity

[glitchc]

Yes, but only according to the company's own logs, which were not externally validated. To rephrase, the company thinks this was an active attacker based on logs its own tool generates. It does not discount the possibility that the tool generated erroneous logs or identified the wrong machine(s).

[bornfreddy]

That's not very convincing. They still abused trust placed in them - by an active attacker, granted, but still... This seems like a legally risky move and it doesn't inspire trust in Huntress.

[fckgw]

Who's trust? Their job is to hunt down and research threat actors. The information gained from this is used to better protect their enterprise customers.

This gains more trust with their customers and breaking trust with ... threat actors?

[viccis]

>Who's trust? Their job is to hunt down and research threat actors

No, their job is to provide EDR protection for their customers.

[cybergreg]

Threat intelligence is a thing.in fact there’s entire companies that sell just that. In fact, there’s entire government organizations that do just that.

[viccis]

Sure but that's not what their customer was engaging with them to do. It's not ethical to sell "EDR" services and then use that access to spy on your customers for intelligence purposes.

[viccis]

That is what I said, yes.