Hacker arrested for creating and distributing Firebird RAT

A joint operation by the Australian Federal Police (AFP) and the FBI has led to the arrest of two people behind the development and distribution of the Firebird remote access trojan (RAT), later renamed Hive.

Firebird was not among the best-known or most widespread RATs, but cybercriminals did use it. The malware previously had its own website, which advertised Firebird as a tool for remote administration. However, the site also listed features such as hidden access, retrieving passwords from multiple browsers, and escalating privileges using exploits.

Now, an investigation into Firebird's activity, launched by law enforcement in 2020, has led to the arrest of an unnamed Australian citizen, as well as California resident Edmond Chakhmakhchyan, known online as Corruption.

The Australian Federal Police claims that the unnamed detainee created the RAT and sold it on a specialized hacker forum, allowing other users who paid for the malware to gain remote access to victims' computers and perform unauthorized actions.

He now faces twelve charges, including the production and sale of data intended to commit computer crimes. As a result, the suspect faces a sentence of 36 years in prison.

For its part, the US Department of Justice reported more details about Chakhmakhchyan's role in this scheme. Law enforcement officials say that he is suspected of distributing Hive RAT, as well as conducting transactions in Bitcoin and providing support to malware buyers.

The indictment says Chakhmakhchyan promoted Hive's ability to gain covert access to targeted computers to an undercover FBI agent, to whom he eventually sold the malware.

In another case, the buyer directly told Chakhmakhchyan that his goal was to steal $20,000 worth of Bitcoin and another $5,000 worth of documents, meaning there was no doubt about how he intended to use Firebird.

The defendant has pleaded not guilty but faces several charges, including conspiracy to advertise a data interception tool, distribution of code that causes damage to protected computers, and intentionally obtaining unauthorized access to data.

The maximum possible punishment for Chakhmakhchyan is 10 years in prison.
