    Creators of Hive RAT and $3.5M Cryptojacking Mastermind Arrested in Global Operation

    In a global crackdown, authorities in Australia and the United States have apprehended two suspects allegedly involved in the creation and dissemination of a remote access trojan dubbed Hive RAT, formerly known as Firebird.

    According to the U.S. Department of Justice (DoJ), this malicious software empowered its purchasers to wield control over targeted computers, granting them access to private communications, login credentials, and various personal data of the victims.

    One of the suspects, a 24-year-old individual named Edmond Chakhmakhchyan, known as “Corruption,” residing in Van Nuys, Los Angeles, California, was apprehended while attempting to sell a Hive RAT license to an undercover agent from a law enforcement agency. Chakhmakhchyan faces charges of conspiracy and promoting a device as an interception tool, each carrying a potential sentence of five years in prison. He has pleaded not guilty and is scheduled to stand trial on June 4, 2024.

    Legal documents reveal a collaboration between the creator of the malware and the accused, whereby the latter advertised the malware on a cybercrime platform called Hack Forums, accepted cryptocurrency payments, and provided customer support.

    Hive RAT boasts a plethora of capabilities, including program termination, file browsing, keystroke logging, interception of communications, and theft of passwords and other credentials, all done surreptitiously on victims’ computers.

    Chakhmakhchyan communicated with buyers via electronic messages, informing one of them that the malware facilitated covert access to a target’s computer system.

    Meanwhile, the Australian Federal Police (AFP) has pressed charges against an individual suspected of involvement in the development and sale of Hive RAT, following an investigation initiated in 2020. The accused faces a dozen charges, ranging from data production with intent to commit cyber offenses to data control and supply for unlawful purposes, each carrying a maximum sentence of three years’ imprisonment.

    According to AFP Acting Commander Cybercrime Sue Evans, Remote Access Trojans pose significant cyber threats, granting perpetrators unrestricted access and control over compromised devices, enabling various criminal activities such as surveillance, data theft, and financial fraud.

    Simultaneously, in the United States, federal prosecutors have indicted Charles O. Parks III, alias “CP3O,” aged 45, for orchestrating a large-scale illicit cryptojacking operation. Parks stands accused of defrauding two prominent cloud computing service providers of over $3.5 million in computing resources to mine cryptocurrencies valued at nearly $1 million.

    The indictment charges Parks with wire fraud, money laundering, and engaging in unlawful financial transactions, each carrying a maximum penalty of 20 years’ imprisonment and 10 years’ imprisonment, respectively.

    Although the DoJ did not specify the targeted cloud providers, it indicated that they were based in Seattle and Redmond, Washington, home to industry giants Amazon and Microsoft.

    Parks allegedly utilized various aliases and corporate affiliations to register multiple accounts with the cloud providers, accessing substantial computing power and storage without payment. The fraudulently obtained resources were utilized to mine cryptocurrencies like Ether, Litecoin, and Monero, which were subsequently laundered through cryptocurrency exchanges, an NFT marketplace, an online payment platform, and traditional banking channels to obfuscate the transaction trail.

    Proceeds from these illicit activities financed extravagant purchases by Parks, including luxury vehicles, jewelry, and opulent travel accommodations.

    The DoJ stated that Parks manipulated the cloud providers into granting him enhanced privileges and deferred billing, while deflecting inquiries regarding suspicious data usage and outstanding subscription balances.
