The suspected administrator of the Russian-speaking hacking discussion board XSS.is was arrested by the Ukrainian authorities yesterday on the request of the Paris public prosecutor’s workplace.
XSS.is is a Russian-speaking cybercrime discussion board that has been energetic since 2013 and is extensively thought to be one of many main on-line hubs for cybercriminal exercise, with over 50,000 registered customers.
The platform was used to promote malware, entry to compromised techniques, promote ransomware-as-a-service (RaaS) platforms, and talk about unlawful actions.
The French authorities state that the investigation was opened roughly 4 years in the past, uncovering actions associated to ransomware and different cybercrimes, which yielded multi-million-dollar earnings.
This was regardless of the discussion board publicly banning all ransomware matters on the platform in Might 2021.
“The investigation, opened on July 2, 2021, by the cybercrime division of the Paris prosecutor’s workplace and assigned to the Cybercrime Brigade of the judicial police of the Paris police prefecture, led to the implementation of judicial wiretaps on the Jabber server thesecure.biz,” reads the announcement.
“The intercepted messages revealed quite a few illicit actions associated to cybercrime and ransomware, and established that that they had generated no less than 7 million {dollars} in revenue.”
Jabber is an encrypted messaging platform that makes use of the XMPP protocol and is widespread amongst risk actors as a method of communication. In accordance with the French police, they have been capable of breach the ‘thesecure.biz’ server to spy on communications between customers on the platform.
These surveilled communications led to the opening of a judicial investigation on November 9, 2021, for complicity in assaults on information processing techniques, extortion, and prison conspiracy.
A second later interception recognized the discussion board’s alleged administrator, resulting in on-site deployment of brokers in September 2024. The suspect was arrested yesterday by Ukrainian police, within the presence of French officers and with the help of Europol.
Supply: Europol
XSS discussion board members posted issues this morning that the location was taken over by legislation enforcement after being unable to answer to present threads. This means that legislation enforcement had gained entry to the executive backend of the discussion board, giving them full entry to the location.
Quickly after, the location was formally taken offline by legislation enforcement, displaying a message stating, “This area has been seized by la Brigade de Lutte Contre la Cybercriminalité with help of the SBU Cyber Division.”
Supply: BleepingComputer
With entry to the discussion board backend and the arrest of the suspected administrator of XSS, it’s probably that the authorities now maintain incriminating proof in opposition to different members of the discussion board, which can result in extra actions sooner or later.
In any case, this growth is prone to have a chilling impact on the exercise at XSS, as customers fearing publicity to legislation enforcement will flip to different websites.
The XSS admin arrest comes shortly after the French police arrested 5 operators of BreachForum, one other main cybercrime platform, which included the infamous hacker and information dealer generally known as ‘IntelBroker.’
Replace 7/23/25: Article up to date to mirror that XSS has now been seized by legislation enforcement.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud safety drives enterprise worth.
This free, editable board report deck helps safety leaders current danger, impression, and priorities in clear enterprise phrases. Flip safety updates into significant conversations and sooner decision-making within the boardroom.
