Huntress CEO says threat hunter used ‘poor judgment’ in alerting ransomware crim about law enforcement probe
Publish Date: 2026-06-30 12:54:00
Source Domain: www.theregister.com
Security
Ex-employee claims this ‘meets the definition of an insider threat’
Huntress CEO Kyle Hanslovan said he is aware of “questionable, long-term threat actor communications” between a threat hunter who is still employed with the security firm and a cybercriminal, and called this “poor judgment.”
“In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor,” Hanslovan said in a blog post, addressing a former employee’s accusations that the current Huntress analyst is an insider threat to the company. “While this disclosure was not illegal, it reflected poor judgment,” he wrote.
The incident came to light last week when former Huntress security operations analyst Ben Folland, who left the company in February, alleged that “another Huntress employee passed communications from US law enforcement to a cybercriminal, Devman, who is actively and publicly targeting my family and me.”
Devman is a ransomware operator, believed to be located in Russia, who uses modified DragonForce code built on top of the leaked Conti source code.
Folland alleged that this insider, still employed by Huntress, was “caught by the FBI,” and that their involvement with Devman “would cause significant reputational damage to Huntress and, in my view, continues to put clients at risk.”
“If you are an employee at a cybersecurity company, you should not be helping cybercriminals,” Folland said. “You should not be informing them of active investigations. You should not be engaging in cybercriminal activity yourself.”
At the time, Hanslovan said he “firmly disagree[d]” with Folland’s accusations – but declined to provide additional details about what happened between the employee and the criminal.
In the Tuesday blog post, Hanslovan elaborated further and said that he believed that the…
