In a significant blow to the cybercriminal underworld, Europol, in collaboration with French and Ukrainian authorities, has arrested the alleged administrator of XSS.is, a prominent Russian-language cybercrime forum. The operation, executed on July 22, 2025, in Kyiv, Ukraine, marks the culmination of a four-year investigation initiated by French law enforcement in 2021.
The Rise and Role of XSS.is
Established in 2013, XSS.is evolved into a central hub for cybercriminal activities, boasting over 50,000 registered users. The forum facilitated the sale of malware, access to compromised systems, stolen data, and ransomware-related services. It also operated an encrypted Jabber messaging server, enabling anonymous communication among cybercriminals. This platform became instrumental in coordinating, advertising, and recruiting for some of the most active and dangerous cybercriminal networks.
The Investigation and Arrest
The French-led investigation, launched in July 2021, involved extensive surveillance and wiretaps. Authorities intercepted communications on the Jabber server thesecure.biz, revealing numerous illicit activities linked to cybercrime and ransomware operations. These interceptions established that the forum’s administrator had generated at least €7 million (approximately $8.2 million) in profits through advertising and facilitation fees. The suspect also operated thesecure.biz, a private messaging service tailored for the cybercriminal underground.
In September 2024, the case progressed to an operational phase in Ukraine, with French police investigators deployed on the ground, supported by Europol through a virtual command post. The collaborative efforts led to the identification and subsequent arrest of the suspect in Kyiv on July 22, 2025.
Impact on the Cybercrime Ecosystem
The arrest of the XSS.is administrator is a significant milestone in the fight against cybercrime. By dismantling a major platform that served as a marketplace for illicit services, law enforcement agencies have disrupted the operations of numerous cybercriminal networks. The seizure of the forum’s domains and the analysis of the collected data are expected to aid ongoing investigations across Europe and beyond.
This operation underscores the importance of international cooperation in combating cybercrime. The collaborative efforts of French and Ukrainian authorities, supported by Europol, demonstrate a unified approach to tackling the global threat posed by cybercriminal organizations.
