Cybersecurity vendor Huntress has faced backlash from the infosec community after releasing research on an attacker who installed a trial version of its EDR tool. The case, described as “hilarious” by some senior staff, showed the attacker attempting to stay safe online by installing premium browser extensions and using Google Translate.
However, concerns have been raised about the ethics of Huntress’s actions. Some claim that monitoring an adversary without notification could be seen as an invasion of privacy. Others point out that EDR tools can access extensive data on host systems.
Huntress has defended its research methodology, stating that it echoed that used by other EDR vendors and aimed to educate the broader community about security threats. The vendor’s researcher stumbled upon the case while investigating malware alerts and chose to share their findings to serve the community.
While some appreciate the insights into the attacker’s tradecraft, others question whether the benefits outweigh the potential risks of surveillance. Huntress has clarified that its primary objectives are transparency, education, and countering hackers, but the debate surrounding this incident highlights the need for nuanced discussions around cybersecurity ethics.
Source: https://www.theregister.com/2025/09/12/huntress_attacker_surveillance