Date: 2025-09-09

A threat actor has unintentionally revealed their methods and day-to-day activities after installing Huntress security software on their own operating machine.

The unusual incident gave analysts a remarkable inside look into how attackers use artificial intelligence (AI), research tools and automation to refine their workflows.

Inside The Attacker’s Workflows

According to Huntress, the actor discovered the company through a Google advertisement while searching for security solutions.

After starting a free trial and downloading the agent, their activities were logged in detail. Investigators were able to confirm the adversary’s identity through a previously known machine name and browser history, which showed active targeting behavior.

Over the course of three months, Huntress observed the actor testing multiple security tools, adopting workflow automation platforms such as Make.com, and researching Telegram Bot APIs to streamline operations.

The data also revealed an interest in AI-driven text and spreadsheet generators for crafting phishing messages and managing stolen information.