A top-notch cybercrime investigator, who heads up the Kaspersky Lab team that investigates hacks, has been arrested by Russian law enforcement for possible treason.

An unnamed source close to Russia’s Federal Security Service (FSB) told the newspaper Kommersant that Ruslan Stoyanov may be linked to an investigation into Sergei Mikhailov, a deputy chief of the FSB’s Center for Information Security. Both men were arrested in December.

Kaspersky Lab confirmed the report of Stoyanov’s arrest in Kommersant, then tweeted the following statement: “The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Teams, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation.”

FSB’s Internal Security directorate is reportedly carrying out the investigation into treason; Kommersant cited unidentified top managers and co-owners of three IT companies as sources. The Russian Legal Information Agency claimed the FSB is investigating an alleged financial transaction between a foreign organization and Mikhailov, which was possibly mediated by Stoyanov.

Forbes, however, reported it the other way around, with the investigation “exploring the receipt of money from foreign companies by Stoyanov and his links to Mikhailov.” A Russian source told Forbes that the way the case was filed likely means the details will not be made public and will result in a “secret military tribunal.”

Article 275 of the Russian criminal code “allows the government to prosecute when an individual provides assistance to a foreign state or organization regarding ‘hostile activities to the detriment of the external security of the Russian Federation’.” Forbes’ source added that “this can be applied broadly. For instance, furnishing the FBI with information on a botnet may amount to treason.”

If the investigation predates Stoyanov’s employment at Kaspersky, which began in 2012, then a look at his LinkedIn profile shows he held several other high-ranking positions; he even worked on the Moscow Cyber Crime Unit at the Russian Interior Ministry for six years.

A quick search for Stoyanov brought up his involvement in an investigation that resulted in 50 people being arrested for booby-trapping websites with Lurk malware and then stealing more than $25 million; the Russian hacker gang bust was described as the “largest ever arrest of hackers in Russia.” In July 2016, Stoyanov said, “Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems.”

Although it was not the first time that Stoyanov deep-dived into how Russian financial cybercrime works, he did write about how Kaspersky hunted for Lurk and helped to catch “one of the most dangerous gangs of financial cybercriminals.” He touched on how Kaspersky cooperated with law enforcement, helping the police understand how Lurk worked, receiving more “enriched” data back from police in a process that was repeated many times until the cyber thugs were caught.

Andrei Soldatov, who has spent over a decade studying Russian security services and the internet, told the Associated Press that the arrest of the Kaspersky manager is “unprecedented.” He added, “It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky. Intelligence agencies used to ask for Kaspersky's advice, and this is how informal ties were built. This romance is clearly over.”