US, Australian Authorities Arrest Alleged Firebird RAT Creators

In a collaborative effort, the Australian Federal Police (AFP) and the FBI arrested two suspects allegedly involved in creating and spreading the “Firebird” Remote Access Trojan (RAT).

The malicious tool, renamed “Hive,” was not among the most notorious on the market but threat actors could still use it to wreak havoc on their victims.

Firebird/Hive RAT Marketed as Simple Remote Access Tool

Perpetrators administrating it have built a dedicated website to market it as a remote administration tool, but the details embedded in the page revealed a darker nature.

The Firebird/Hive RAT boasts several notable features, such as password recovery from numerous supported browsers, covert access to compromised systems and exploit-driven privilege elevation. These features, showcased on the tool’s website, would contrast starkly with the tool’s apparently benign nature.

Two Suspects Arrested After 4-year-long Operation

The law enforcement operation began in 2020 and led to the arrest of an unnamed Australian individual and 24-year-old Edmond Chakhmakhchyan, a Van Nuys, California resident operating online under the moniker “Corruption.”

According to the AFP, the Australian suspect allegedly developed and distributed the RAT on a dedicated hacking forum. He now faces 12 charges, including producing, supplying and controlling data with the intent to commit computer offenses, each carrying up to three years of imprisonment.

Suspect Allegedly in Charge of Marketing Pleads Not Guilty

Chakhmakhchyan, on the other hand, was allegedly in charge of marketing the Firebird/Hive RAT online, posting ads for the tool, accepting Bitcoin payments for licenses, and providing customer service to buyers, according to the US Department of Justice (DoJ).

"Customers purchasing the malware would transmit Hive RAT to protected computers and gain unauthorized control over and access to these computers, which allowed the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission,” reads a DoJ press release.

Chakhmakhchyan pleaded not guilty to the two-count indictment unsealed at his arraignment and was ordered to stand trial on June 4. If found guilty, he faces up to 10 years.

The Perils of Remote Access Trojans and Keeping Safe Against Them

Remote Access Trojans like Firebird/Hive can seriously damage compromised systems, considering their impressive range of stealth-based capabilities.

Threat actors often use them to take over systems entirely without the victim’s knowledge and carry out further malicious operations, such as stealing passwords, personal data, and financial information, spying on conversations, and, in some cases, even zombifying the affected system and adding it to a botnet.

Fending off these digital threats requires both awareness of the risks and specialized tools. Awareness is often insufficient; thus, employing security software can significantly enhance your safety.

Bitdefender Ultimate Security can fend off RATs and other intrusions, including zero-day exploits, worms, viruses, ransomware, and spyware.