Kingpin of Notorious XSS.is Cybercrime Forum Arrested in Ukraine After Europol-Led Sting
The Paris Prosecutor’s Office has announced the arrest in Ukraine of an alleged administrator of the Russian-language forum XSS.is, a site long recognized as one of the largest hubs of the cybercriminal underworld. The operation took place on July 22, in a coordinated effort involving Ukrainian law enforcement, French investigators, and Europol.
According to prosecutors, XSS.is has served since 2013 as a major platform for the dissemination of malware, the trade of access credentials to compromised systems, the sale of stolen data, and services related to ransomware operations. Forum participants communicated through the encrypted Jabber messaging server thesecure.biz.
The initial phase of the investigation commenced on July 2, 2021, led by the Paris Cybercrime Unit and subsequently transferred to the specialized division BL2C under the Police Prefecture. Investigators intercepted communications on the thesecure.biz server as part of judicial proceedings. Analysis of the messages confirmed the involvement of users in ransomware attacks, with the total estimated damages exceeding $7 million.
Later, on November 9, 2021, an additional criminal case was opened on charges related to unauthorized access to automated systems, extortion as part of an organized group, and criminal conspiracy.
The identity of the suspected administrator was uncovered during the second phase of the investigation. He was apprehended on July 22 in Kyiv with the support of Ukraine’s cyber police, the Security Service (SBU), and the Office of the Prosecutor General. French investigators were also present on-site, with Europol facilitating coordination.
The Paris Prosecutor’s Office has confirmed that the investigation remains ongoing.