Article Details
Scrape Timestamp (UTC): 2024-04-13 14:21:48.719
Original Article Text
Click to Toggle View
Firebird RAT creator and seller arrested in the U.S. and Australia. A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." Firebird/Hive aren't among the most widely recognized and deployed RATs out there, but they could still have impacted users' securitys worldwide. Firebird used to have a dedicated site that promoted it as a remote administration tool. However, the homepage features such as stealthy access, password recovery from multiple browsers, and elevation of privilege through exploits, which communicated the intended message to prospective buyers. The law enforcement investigation, which began in 2020, led to the apprehension of an unnamed Australian man and Edmond Chakhmakhchyan, a resident of Van Nuys, California, known online as "Corruption." The Australian Federal Police (AFP) alleges that the Australian developed and sold the RAT on a dedicated hacking forum, enabling other users who paid for the tool to remotely access victims' computers and perform unauthorized activity. The Australian man faces twelve charges, including for the production, control, and supply of data intended to commit computer offenses. He is scheduled to appear at the Downing Centre Local Court on May 7, 2024, with the suspect facing a maximum penalty of 36 years of imprisonment. The U.S. Department of Justice provided more details about Chakhmakhchyan's role in the malware operation, explaining that the man is suspected of marketing the Hive RAT online, facilitating Bitcoin transactions, and providing support to purchasers. The indictment alleges that Chakhmakhchyan promoted Hive's stealthy access to target computers to an undercover FBI agent, to whom he sold a license. In a separate case, a buyer clearly told the seller his goals were to steal $20k worth of Bitcoin and $5k worth of documents, leaving no doubts about the intention to use the tool for illegal activities. The defendant has pleaded not guilty to the charges, facing multiple counts of conspiracy to advertise a device as an interception tool, transmit code that causes damage to protected computers, and intentionally unauthorized access to data. The maximum sentence for Chakhmakhchyan is ten years in prison, to be decided by the assigned judge on June 4, 2024.
Daily Brief Summary
A collaboration between the Australian Federal Police (AFP) and the FBI has resulted in the arrest of two individuals linked to the creation and sale of the "Firebird" remote access trojan (RAT), which was also known as "Hive."
The investigation, initiated in 2020, focused on an Australian man and Edmond Chakhmakhchyan from California, who were allegedly involved in the development and distribution of the malware.
The RAT was marketed on hacking forums and websites as a legitimate remote administration tool but offered capabilities for stealthy access, password recovery from browsers, and exploiting systems to elevate privileges.
The Australian suspect is charged with twelve offenses related to the production and distribution of the RAT, with potential penalties amounting to 36 years in prison.
Chakhmakhchyan is accused of marketing the RAT, processing payments in Bitcoin, and providing technical support to purchasers, with a maximum sentence of ten years if convicted.
Evidence includes interactions where Chakhmakhchyan promoted the RAT's illicit capabilities to an undercover FBI agent and transactions where explicit intentions for illegal use were discussed.
The legal proceedings for the Australian are set for May 7, 2024, at the Downing Centre Local Court, while Chakhmakhchyan will face the U.S. court on June 4, 2024.