
Huntress Analyst Allegedly Warned Devman Operator of FBI Investigation

In a nutshell: A Huntress employee informed the Devman ransomware operator of FBI investigations against him, which CEO Hanslovan characterizes as poor judgment but not as illegal or deliberate insider activity.

A former security analyst at Huntress has accused an active colleague of leaking information to a ransomware operator about an FBI investigation. Huntress CEO Kyle Hanslovan confirms questionable contacts and the warning, but denies an insider threat.

Ben Folland, who left Huntress in February after working in Security Operations, accuses a still-employed colleague of passing insider knowledge to the operator of the Devman ransomware. Devman uses a modified version of the DragonForce malware based on leaked Conti source code; the operator is believed to be operating from Russia. Folland reports that Devman specifically targeted him and his family.

The central accusation is that the FBI requested information from the Huntress employee about Devman. Instead of cooperating, she allegedly forwarded the complete agency communication, including screenshots with the names of the responsible FBI agents, to the ransomware operator, thereby warning him of the investigation. Folland argues that this meets the criteria of an insider threat and compares it to a bank employee warning a fraudster about a police investigation.

CEO Kyle Hanslovan confirms in a blog post that the company is aware of “questionable, long-term contacts” between the employee and the threat actor. He acknowledges that the employee informed the criminal that law enforcement had contacted her regarding his activities. While this was not illegal, he states, it demonstrated poor judgment.

Huntress allows threat researchers to occasionally engage with threat actors if this serves proactive research or ongoing investigations. Hanslovan rejects characterizing the incident as a deliberate insider threat. An internal investigation has so far found no evidence of illegal conduct, deliberate insider activity, or further data sharing. The company announced stricter rules of conduct for researchers in their dealings with threat actors and corresponding training, and took “appropriate personnel measures.”


Source: www.it-daily.net · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
