An investigation led by the French Police and Paris Prosecutor, in shut cooperation with their Ukrainian counterparts and Europol, has resulted within the arrest of the suspected administrator of xss[.]is, one of many world’s most influential Russian-speaking cybercrime platforms.
The discussion board, which had greater than 50,000 registered customers, served as a key market for stolen information, hacking instruments, and illicit providers. It has lengthy been a central platform for a few of the most energetic and harmful cybercriminal networks, used to coordinate, promote, and recruit.
The arrest happened in Kyiv, Ukraine, on July 22, as a part of a collection of coordinated enforcement actions geared toward gathering proof and dismantling the felony infrastructure.
Discussion board Admins Made Hundreds of thousands
The discussion board’s administrator was not solely a technical operator however is believed to have performed a central function in enabling felony exercise. Performing as a trusted third social gathering, he arbitrated disputes between criminals and assured the safety of transactions.
He’s additionally believed to have run thesecure[.]biz, a non-public messaging service tailor-made to the wants of the cybercriminal underground.
By these providers, the suspect is believed to have revamped EUR 7 million in promoting and facilitation charges. Investigators imagine he has been energetic within the cybercrime ecosystem for almost twenty years, and maintained shut ties to a number of main menace actors through the years.
The investigation was initiated by the French Police in 2021. In September 2024, the case moved into the operational section in Ukraine, the place French police investigators have been deployed on the bottom, supported by Europol by way of the institution of a digital command submit.
French authorities obtained judicial authorization to watch a Jabber server operated by the suspect, revealing in depth felony communications that uncovered ransomware assaults and different cybercrime actions producing at the least EUR 7 million in illicit income.
The breakthrough got here by way of intercepted messages on the thesecure.biz server, which accompanied the XSS discussion board to facilitate nameless exchanges between cybercriminals. These interceptions revealed the suspect’s alleged hyperlinks to quite a few ransomware operations and different cybercrime actions.
Europol supplied important operational and analytical help all through the investigation, facilitating info trade and coordination between French Police and Ukrainian authorities.
The company additionally assisted in mapping the cybercriminal infrastructure and linking the suspect to different main menace actors.
Throughout this week’s enforcement actions in Kyiv, a Europol cell workplace was deployed to help French and Ukrainian groups with on-site coordination and proof assortment. The seized information will now be analyzed to help ongoing investigations throughout Europe and past.
This operation aligns carefully with findings from Europol’s 2025 Web Organised Crime Risk Evaluation (IOCTA), which highlights the booming black marketplace for stolen information as a important driver of the cybercrime economic system.
The IOCTA reveals how such marketplaces empower cybercriminals by offering entry, anonymity, and belief mechanisms that maintain their operations.
The next authorities participated within the investigation: France’s Paris Prosecutor (Parquet de Paris – JUNALCO), French Police – Paris Police Prefecture, Ukraine’s Normal Prosecutor’s Workplace, and the Safety Service of Ukraine’s Cybercrime Division.
Increase detection, scale back alert fatigue, speed up response; all with an interactive sandbox constructed for safety groups -> Strive ANY.RUN Now
