Comment by fckgw
8 months ago
> The standout red flag was that the unique machine name used by the individual was the same as one that we had tracked in several incidents prior to them installing the agent.
The machine was already known to the company as belonging to a threat actor from previous activity.
Yes, but only according to the company's own logs, which were not externally validated. To rephrase, the company thinks this was an active attacker based on logs its own tool generates. It does not discount the possibility that the tool generated erroneous logs or identified the wrong machine(s).
That's not very convincing. They still abused trust placed in them - by an active attacker, granted, but still... This seems like a legally risky move and it doesn't inspire trust in Huntress.
Whose trust? Their job is to hunt down and research threat actors. The information gained from this is used to better protect their enterprise customers.
This gains more trust with their customers and breaks trust with ... threat actors?
> Whose trust? Their job is to hunt down and research threat actors
No, their job is to provide EDR protection for their customers.
That is what I said, yes.