Administrator of XSS Forum Arrested, Website Shut Down by Authorities

Red Dog Security

2 min read
Administrator of XSS Forum Arrested, Website Shut Down by Authorities

The alleged administrator of the Russian-language cybercrime forum XSS[.]is has been arrested by Ukrainian authorities at the request of the Paris Prosecutor’s Office. The arrest was followed by a law enforcement takedown of the website, confirming what many in the cybercrime community had feared: the forum had been compromised.

What Was XSS[.]is?

Founded in 2013, XSS was a well-known Russian-speaking forum and marketplace for cybercriminals. With over 50,000 registered users, it served as a central hub for buying and selling:

  • Malware and exploits
  • Access to compromised systems
  • Ransomware-as-a-Service (RaaS) offerings
  • Illicit hacking tools and services

In an unusual move, the forum banned ransomware-related discussions in May 2021—a decision that surprised many, given its core role in the broader cybercrime economy.

$7 Million Cybercrime Operation Exposed

According to French authorities, the investigation into XSS began on July 2, 2021, initiated by the cybercrime division of the Paris Prosecutor’s Office. Over the course of four years, investigators uncovered a web of extortion schemes and other criminal activity that reportedly generated at least $7 million in illicit profits.

“The investigation, launched on July 2, 2021, by the Paris Prosecutor's cybercrime unit, led to a court-approved interception of communications on the Jabber server thesecure[.]biz,” French officials stated.
“The intercepted messages revealed numerous illegal activities, including cyberattacks and extortion.”

Law enforcement successfully compromised the encrypted messaging service thesecure[.]biz, which enabled them to monitor real-time communications between forum members. This surveillance triggered a second phase of the operation on November 9, 2021, targeting suspects for complicity in cyberattacks, extortion, and criminal conspiracy.

The Arrest: A Key Figure in the Underground

Using the intercepted messages, investigators identified the suspected administrator of XSS. Working with Europol and French police, Ukrainian authorities arrested the individual earlier this week.

“The administrator was not just the technical operator of the forum—he allegedly played a central role in facilitating criminal activity,” Europol said.
“Acting as a trusted middleman, he resolved disputes between criminals and guaranteed secure transactions. He is also believed to have managed thesecure[.]biz, a private messaging service tailored for cybercriminals.”

Though the suspect’s identity has not been made public, officials believe he had been active in the cybercrime underground for nearly two decades and maintained relationships with prominent cybercriminals.

Forum Seizure and Potential Fallout

On July 23, 2025, users of XSS[.]is noticed the site had gone offline. Hours later, it was replaced with a law enforcement seizure banner, confirming that authorities had taken control of the domain.

Given access to the forum’s backend infrastructure and communication logs—along with the administrator in custody—investigators may now pursue additional arrests and prosecutions.

Key Takeaways

  • XSS[.]is, a major Russian-speaking cybercrime forum, has been taken offline and seized by law enforcement.
  • The forum's suspected administrator was arrested in Ukraine after a four-year joint investigation led by France.
  • Authorities intercepted encrypted communications on thesecure[.]biz, exposing cyber extortion and hacking schemes.
  • The forum allegedly facilitated over $7 million in criminal profits through malware, access sales, and RaaS operations.
  • The investigation is ongoing, and further arrests are expected as officials analyze the seized data.

Read more