Arrests Made in Firebird RAT Cybercrime Case

A team effort by the Australian Federal Police (AFP) and the FBI has resulted in the capture and legal action against two people believed to be responsible for creating and sharing the “Firebird” remote access trojan (RAT), later renamed as “Hive.”

Arrests Made in Firebird RAT Cybercrime Case

Although Firebird isn’t as widely known or used as other RATs, it still posed a potential threat to users worldwide.

Firebird used to have its own website promoting it as a tool for remote administration. The site highlighted features like stealthy access, recovering passwords from different browsers, and gaining elevated privileges through vulnerabilities, appealing to potential buyers.



firebird website
Firebird RAT website [Source: @casual_malware]

The joint investigation, starting in 2020, led to the arrest of an unnamed Australian individual and Edmond Chakhmakhchyan from Van Nuys, California, known online as “Corruption.”

The AFP accuses the Australian of creating and selling the RAT on a specific hacking forum. This allowed buyers to remotely access victims’ computers and carry out unauthorized actions.

The Australian individual faces twelve charges, including producing, controlling, and providing data for committing computer crimes. They are scheduled to appear in court on May 7, 2024, with a maximum sentence of 36 years in prison.





The U.S. Department of Justice provided more information about Chakhmakhchyan’s involvement, stating he marketed the Hive RAT online, handled Bitcoin transactions, and offered support to buyers.

The charges against Chakhmakhchyan include promoting Hive’s ability to access target computers discreetly to an undercover FBI agent, from whom he sold a license.

In another instance, a buyer explicitly mentioned their intent to use the tool for stealing $20,000 worth of Bitcoin and $5,000 worth of documents, leaving no ambiguity about the illegal purposes.

Chakhmakhchyan has pleaded not guilty to the charges, which include multiple counts related to advertising a device for interception, transmitting damaging code to protected computers, and intentionally accessing data without authorization.



The maximum penalty for Chakhmakhchyan is ten years in prison, to be determined by the judge on June 4, 2024.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top