Cybercrime

Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum

Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.

By Matt Kapko

July 23, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Authorities from Ukraine, France and Europol arrested the alleged administrator of XSS.is in Kyiv, Ukraine, on July 22, 2025. (Europol)

Ukrainian authorities Tuesday arrested the alleged administrator of XSS.is, a Russian-language cybercrime forum, following a four-year investigation by the Paris public prosecutor’s office.

Law enforcement officials from France and Europol seized the domain of the influential forum following the arrest. Authorities have not named the suspected administrator of XSS.is.

The forum, which was active since 2013, had more than 50,000 registered users and was a key marketplace for stolen data, malware, access to compromised systems and ransomware services, officials said. “It has long been a central platform for some of the most active and dangerous cybercriminal networks, used to coordinate, advertise and recruit,” Europol said in a news release.

Officials accuse the forum’s administrator of running technical operations and playing a central role in enabling cybercrime. Messages intercepted by authorities during the investigation revealed the suspect made more than $8.2 million in advertising and facilitation fees.

“Investigators believe he has been active in the cybercrime ecosystem for nearly two decades, and maintained close ties to several major threat actors over the years,” Europol said in the new release about the arrest and takedown operation. Authorities also accuse the suspect of running thesecure.biz, a Jabber-powered private messaging service for cybercrime that remains online as of press time.

The cybercrime unit of the Paris public prosecutor’s office opened an investigation into XSS.is in July 2021 and deployed French police investigators on the ground in Ukraine, with Europol’s support, in September 2024.

The arrest in Kyiv, Ukraine, followed a series of coordinated law enforcement actions, including evidence gathering and the dismantling of the cybercrime forum’s infrastructure. Authorities said data seized during the investigation will be analyzed to support ongoing investigations across Europe and elsewhere.

The Paris public prosecutor’s office said the alleged administrator of XSS.is was identified as part of a wiretap.

Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum

More Like This

Cisco network access security platform vulnerabilities under active exploitation

Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups

Why it’s time for the US to go on offense in cyberspace

Top Stories

Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab

Trump AI plan pushes critical infrastructure to use AI for cyber defense

More Scoops

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies

BreachForums, a key English-language cybercrime forum, seized by the FBI

Ransomware gang broken up in Ukraine as a result of international operation

Justice Department seizes major cybercrime spot RaidForums

Police raid in Ukraine results in arrests of 2 alleged ransomware hackers

Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack

Ukrainian accused in cybercrime wave is considering trial in U.S., lawyer says

Latest Podcasts

Verizon’s Alex Pinto on the takeaways from the 2025 DBIR

Kemba Walden and Devin Lynch on securing the AI Stack

Valence Security’s Yoni Shohet on the growing risk tied to SaaS applications

How Full Content Inspection offers a new era of real-time cybersecurity

Government

Technology

Threats

Policy