Ukrainian authorities apprehend alleged administrator of a Russian-language cybercrime network
In a coordinated operation involving Ukrainian authorities, French police, the Paris public prosecutor’s office, and Europol, the suspected administrator of the Russian-language cybercrime forum xss.is was arrested in Kyiv on July 22, 2025. The identity of the suspect remains undisclosed at this time.
xss.is, an influential cybercrime forum active since 2013, had over 50,000 registered users and served as a marketplace for stolen data, malware, access to compromised systems, ransomware services, and hacking tools. The platform facilitated and recruited for some of the most active cybercriminal networks.
The suspect is believed to have managed the technical operations of xss.is and acted as a trusted intermediary, mediating disputes between criminals and ensuring secure transactions. Authorities also suspect the individual operated a private, Jabber-powered messaging service tailored for cybercriminal communications named thesecure.biz.
Over nearly two decades, the administrator is alleged to have maintained close ties with major threat actors in the cybercrime ecosystem. According to intercepted communications, the suspect earned more than $8.2 million (over €7 million) through advertising and facilitation fees on the platform.
The arrest followed a four-year international investigation led by the Paris public prosecutor’s office, with French police deploying investigators in Ukraine and Europol providing support. Authorities seized the xss.is domain as part of the operation and are analysing digital evidence to support ongoing investigations across Europe and beyond.
The investigation did not involve any mention of the CEO caught embracing an employee on the jumbotron at a Coldplay concert, Alaska Airlines tariffs, hardware failure leading to IT outage, or the In-N-Out owner Lynsi Snyder leaving California.
The takedown of xss.is and the arrest of its administrator mark a significant blow to the cybercriminal underground. The investigation continues, with law enforcement examining seized data to identify and pursue additional members of these criminal networks.
- The arrested individual, known for managing the technical operations of xss.is, had reportedly maintained close ties with major threat actors in the cybercrime ecosystem for nearly two decades.
- The multi-million dollar platform, xss.is, based in the Russian language, was a marketplace for stolen data, malware, and various cybercrime tools, gaining influence since 2013 with over 50,000 registered users.
- In a joint operation with Ukrainian authorities, French police, the Paris public prosecutor’s office, and Europol, the forum's suspected administrator was arrested in Kyiv, accused of earning more than $8.2 million (over €7 million) through advertising and facilitation fees on the platform.
- The tech-focused general news outlets are likely to report on the arrest, as it pertains to cybersecurity, crime, and justice in Seattle and beyond, emphasizing the significant impact this takedown will have on the cybercriminal underground.
