Ukraine arrests suspected admin of XSS Russian hacking forum


The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.

The French authorities state that the investigation was opened roughly four years ago, uncovering activities related to ransomware and other cybercrimes, which yielded multi-million-dollar profits.

This was despite the forum publicly banning all ransomware topics on the platform in May 2021.

“The investigation, opened on July 2, 2021, by the cybercrime division of the Paris prosecutor’s office and assigned to the Cybercrime Brigade of the judicial police of the Paris police prefecture, led to the implementation of judicial wiretaps on the Jabber server thesecure.biz,” reads the announcement.

“The intercepted messages revealed numerous illicit activities related to cybercrime and ransomware, and established that they had generated at least 7 million dollars in profit.”


Jabber is an encrypted messaging platform that utilizes the XMPP protocol and is popular among threat actors as a means of communication. According to the French police, they were able to breach the ‘thesecure.biz’ server to spy on communications between users on the platform.

These surveilled communications led to the opening of a judicial investigation on November 9, 2021, for complicity in attacks on data processing systems, extortion, and criminal conspiracy.

A second, later interception identified the forum’s alleged administrator, leading to the on-site deployment of agents in September 2024. The suspect was arrested yesterday by Ukrainian police, in the presence of French officers and with the assistance of Europol.

Image from the arrest and computers’ examination
Source: Europol

XSS.is, which remains online at the time of writing, is a Russian-speaking cybercrime forum that has been active since 2013. It is widely regarded as one of the major online hubs for cybercriminal activity, with over 50,000 registered users.

The platform was used to sell malware and access to compromised systems, advertise ransomware-as-a-service (RaaS) platforms, and discuss illegal activities.

If the arrested person is the administrator of XSS, it is likely that the authorities now hold incriminating evidence against other members of the forum, which may lead to more arrests in the future.

In any case, this development is likely to have a chilling effect on the activity at XSS, as users fearing exposure to law enforcement will turn to other sites.

The XSS admin arrest comes shortly after the French police arrested five operators of BreachForums, another major cybercrime platform, who included the notorious hacker and data broker known as ‘IntelBroker.’
