Security Affairs
Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

U.S. and Australian police arrested Firebird RAT author and operator

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation. A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the arrest and charging of two individuals suspected of creating and selling the Firebird RAT, which […]

Scattered Spider DOJ

A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation.

A joint law enforcement operation conducted by the Australian Federal Police (AFP) and the FBI resulted in the arrest and charging of two individuals suspected of creating and selling the Firebird RAT, which was later renamed as Hive.

Australian Federal Police reported that an Australian man and a man based in the US will appear in court, following the international investigation that began in 2020. The Australian man faces twelve counts of computer offenses.

The Australian man developed and sold Firebird to customers on a dedicated hacking forum.

The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities.

Last week, the FBI arrested Edmond Chakhmakhchyan, 24, of Van Nuys, on charges of marketing and selling the RAT. Chakhmakhchyan, aka “Corruption,” was apprehended by FBI agents and pleaded not guilty to two charges. He is accused of advertising and selling the Hive remote access trojan (RAT) on the “Hack Forums” website. The man was accepting Bitcoin payments for licenses and offering customer service to buyers.

“Customers purchasing the malware “would transmit Hive RAT to protected computers and gain unauthorized control over and access to these computers, which allowed the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications, and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission,” according to the indictment.” reported the DoJ. “Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” approximately four years ago, and advertised online the RAT’s many features, including features that allowed the owner to remotely access victim computers and intercept communications and data without the victim knowing.

According to the indictment, Chakhmakhchyan engaged in electronic communication with buyers after advertising the Hive RAT. He explained to one buyer that the malware allowed access to another person’s computer without their knowledge. When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT.

“After this purchaser told Chakhmakhchyan that “the point” of using the Hive RAT was because the victim had “20k in bitcoin on a blockchain wallet” and “project files worth over 5k,” Chakhmakhchyan agreed to sell the Hive RAT, the indictment alleges.” continues DoJ.

The DoJ states that the man allegedly sold a license to an undercover law enforcement agent. Chakhmakhchyan faces charges of conspiracy and advertising a device as an interception device, each carrying a maximum penalty of five years in federal prison.

Chakhmakhchyan could face up to ten years in prison, while the maximum penalty for the Australian man is three years imprisonment.

(SecurityAffairs – hacking, malware)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini