16 April 2024

Firebird RAT developers and sellers arrested in the US and Australia


Firebird RAT developers and sellers arrested in the US and Australia

Law enforcement authorities in the US and Australia have apprehended two men allegedly involved in the development and sale of the Firebird remote access trojan (RAT) later rebranded as Hive.

According to the US Department of Justice, Edmond Chakhmakhchyan, a 24-year-old resident of Van Nuys, California, known online as “Corruption,” was a developer behind the Firebird RAT. He also promoted the malware on hacker forums.

The RAT implements a number of functionalities allowing a buyer to stealthily close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets.

Chakhmakhchyan was charged with multiple offenses, including one count of conspiracy to advertise a device as an interception tool, transmit malicious code to damage protected computers, and illicitly access computers for information acquisition. Additionally, he faces one count of advertising a device as an interception tool. Both charges carry a maximum statutory penalty of five years in federal prison. His trial date is set for June 4, 2024.

The Australian police didn’t name the second suspect, but said the man developed and sold ‘Firebird’ to customers on a dedicated hacking forum. The man faces twelve counts of computer offenses, including one count of produce data with intent to commit a computer offense, one count of control data with intent to commit a computer offense, and 10 counts of supply data with intent to commit a computer offense. The maximum penalty for each of these offenses is three years’ imprisonment. He is scheduled to appear in court on May 7, 2024.


Back to the list

Latest Posts

ICC investigates cyberattacks in Ukraine as possible war crimes

ICC investigates cyberattacks in Ukraine as possible war crimes

The probe is focused on cyberattacks that endangered lives by disrupting essential services.
17 June 2024
Alleged Scattered Spider leader arrested in Spain

Alleged Scattered Spider leader arrested in Spain

The suspect is believed to be a key player in the MGM ransomware attack.
17 June 2024
Scattered Spider hackers switch focus to cloud apps for data theft

Scattered Spider hackers switch focus to cloud apps for data theft

Mandiant has observed UNC3944 accessing platforms like vSphere and Azure via SSO applications to create new virtual machines.
17 June 2024