Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Hackers are arrested

Two individuals have been arrested in Australia and the US for an alleged scheme to develop and distribute a remote access trojan called Hive RAT (formerly Firebird).

The US Justice Department (DoJ) SAYS the malware “gives malware buyers control over victim computers and enables them to access victims’ private communications, their login credentials, and other personal information.”

A 24-year-old individual named Edmond Chakhmakhchyan (aka “Corruption”) from Van Nuys in Los Angeles, California, was arrested after he was caught selling a Hive RAT license to an undercover employee of a law enforcement agency. in law.

He was charged with one count of conspiracy and one count of advertising a device as an interception device, each punishable by five years in prison. Chakhmakhchyan pleaded not guilty and was ordered to stand trial on June 4, 2024.

Court documents allege a partnership between the malware creator and the defendant where the latter would post ads for the malware on a cybercrime forum called Hack Forums, accept cryptocurrency payments from customers, and offer product support.


The Hive RAT has the capabilities to terminate programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets from victims’ machines without their knowledge or consent.

Chakhmakhchyan exchanged electronic messages with buyers and explained to one buyer that the malware ‘allowed the user of the Hive RAT to access another person’s computer without the person knowing about it. -access,'” said the DoJ.

The Australian Federal Police (AFP), which Office has partnered Self-prosecutions against a citizen for their alleged involvement in the production and sale of the Hive RAT, it is said that its investigation began in 2020.

The unnamed suspect faces 12 charges, including one count of creating data with intent to commit a computer offense, one count of controlling data with intent to commit an offense of the computer, and 10 counts of supplying data with intent to commit a computer offense. The maximum penalty for each of these offenses is three years in prison.

“Remote Access Trojans are one of the most damaging cyber threats in the online environment – when installed on a device, a RAT can give criminals complete access to, and control over, the device,” said by AFP Acting Commander Cybercrime Sue Evans.

“This can include anything from committing crimes anonymously, watching victims through camera devices, wiping hard drives, or stealing bank credentials and other sensitive information. .”

Nebraska Man Accused of Cryptojacking Scheme

The development comes as US federal prosecutors indict Charles O. Parks III (aka “CP3O”), 45, for operating a massive illegal cryptojacking operation, defrauding “two well-known provider of cloud computing services” from more than $3.5 million in computing resources to mine cryptocurrency worth nearly $1 million.

The indictment accuses Parks of wire fraud, money laundering, and engaging in unlawful monetary transactions. He was arrested on April 13, 2024. The wire fraud and money laundering charges carry a maximum sentence of 20 years in prison. He also faces 10 years in prison for illegal monetary transactions.


While the DoJ did not state which cloud providers were targeted in the fraudulent operation, it noted that the companies are based in the Washington state cities of Seattle and Redmond – the corporate headquarters for Amazon and Microsoft.

“From or about January 2021 through August 2021, Parks created and used various names, corporate affiliations and email addresses, including emails with domains from corporate entities he operated (. ..) to register multiple accounts with cloud providers and gain access to large amounts of computing processing power and storage without paying for it,” the DoJ said. SAYS.

The illicitly obtained resources are then used to mine cryptocurrencies such as Ether (ETH), Litecoin (LTC) and Monero (XMR), which are laundered through a network of cryptocurrency exchanges, a non-fungible token (NFT ) market, an online payment. provider, and traditional bank accounts to hide the digital transaction trail.

The ill-gotten proceeds, according to prosecutors, were eventually converted into dollars, which Parks used to make various expensive purchases that included a Mercedes Benz luxury car, jewelry, and first-class hotel and travel expenses.

“The parks tricked providers into approving elevated privileges and benefits, including high-level cloud computing services and deferred billing houses, and dismissed inquiries from provider regarding questionable data usage and raising unpaid subscription balances,” the DoJ said.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment