A man suspected of administering the Russian-language cybercrime forum XSS was arrested in Ukraine on July 22.
In an official statement on July 23, Laure Beccuau, a French State Prosecutor, said that the individual was taken into custody by the Ukrainian authorities, with the collaboration of the French police and Europol.
This arrest is the result of a four-year long investigation, which began on July 2, 2021, by the Paris Police Prefecture's Cybercrime Unit.
As part of the investigation, French police intercepted recordings on the Jabber thesecure.biz server which accompanied the XSS forum to facilitate anonymous exchanges between cybercriminals.
These interceptions revealed that the arrested individual was allegedly linked to numerous illicit cybercrime and ransomware activities and established that they had generated at least $7m in profit.
A judicial investigation was opened on November 9, 2021, on charges of complicity in attacks on an automated data processing system, extortion in an organized gang and criminal association.
In September 2024, the case moved into the operational phase in Ukraine, where French police investigators were deployed on the ground, supported by Europol through the establishment of a virtual command post. It was followed by another action that started on July 21, 2025, which saw the arrest of the main suspect in Kyiv.
A Europol mobile office was deployed to support French and Ukrainian teams with on-site coordination and evidence collection.
According to another statement published by Europol on July 23, the forum’s suspected administrator was not only a technical operator but is believed to have played a central role in enabling criminal activity.
"Acting as a trusted third party, he arbitrated disputes between criminals and guaranteed the security of transactions," the Europol statement noted.
Beccuau’s statement also showed that the involved Ukrainian and French law enforcement agencies have seized the XSS domains, although the site appears to still be up at the time of writing. The seized data will now be analysed to support ongoing investigations across Europe and beyond.
Source: Europol
XSS, A Major Dark Web Forum for Cybercrime Activities
Active since 2013, XSS had more than 50 000 registered users. It was one of the leading forums within the Russian-language cybercrime landscape for discussions around cyber-attacks and malware development.
XSS allowed the sale of malware, access to compromised systems, stolen data and ransomware-related services, Beccaua noted.
According to Oleg Lykpo, a cyber threat intelligence analyst at Flare and expert on the Russian cybercrime landscape, XSS and Exploit, another infamous criminal forum, are the backbone of the high-level Russian-speaking cybercriminal ecosystem.
Assessment of several Russian-speaking dark web forums’ activity in 2023. Source: Cybercrime Diaries, Oleg Lykpo
The Ukrainian agencies involved in the arrest included the state’s Cyber Department, the Security Service of Ukraine and the General Prosecutor's Office of Ukraine.
Infosecurity reached out to the Paris Police Prefecture, which declined to provide further details on the case at this time.
No tags.
