
A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive."

Firebird/Hive aren't among the most widely recognized and deployed RATs out there, but they could still have impacted users' security worldwide.

Firebird used to have a dedicated site that promoted it as a remote administration tool. However, the homepage advertised features such as stealthy access, password recovery from multiple browsers, and elevation of privilege through exploits, which communicated the intended message to prospective buyers.

Firebird RAT website (Source: @casual_malware)

The law enforcement investigation, which began in 2020, led to the apprehension of an unnamed Australian man and Edmond Chakhmakhchyan, a resident of Van Nuys, California, known online as "Corruption."

The Australian Federal Police (AFP) alleges that the Australian developed and sold the RAT on a dedicated hacking forum, enabling other users who paid for the tool to remotely access victims' computers and perform unauthorized activity.

The Australian man faces twelve charges, including for the production, control, and supply of data intended to commit computer offenses.

He is scheduled to appear at the Downing Centre Local Court on May 7, 2024, with the suspect facing a maximum penalty of 36 years of imprisonment.

The U.S. Department of Justice provided more details about Chakhmakhchyan's role in the malware operation, explaining that the man is suspected of marketing the Hive RAT online, facilitating Bitcoin transactions, and providing support to purchasers.

The indictment alleges that Chakhmakhchyan promoted Hive's stealthy access to target computers to an undercover FBI agent, to whom he sold a license.

In a separate case, a buyer clearly told the seller his goals were to steal $20k worth of Bitcoin and $5k worth of documents, leaving no doubts about the intention to use the tool for illegal activities.

The defendant has pleaded not guilty to the charges, which include multiple counts of conspiracy to advertise a device as an interception tool, transmitting code that causes damage to protected computers, and intentionally accessing data without authorization.

If convicted, Chakhmakhchyan faces a maximum sentence of ten years in prison, to be decided by the assigned judge; his case is scheduled for June 4, 2024.
