Major Russian-language cybercrime forum XSS.is shut down, alleged admin arrested

As detailed in Security Affairs, French and Ukrainian police have arrested a 38-year-old man in Kyiv and shut down XSS.is, a highly influential Russian-language cybercrime forum that operated for nearly two decades. The forum served as a critical hub for the underground economy, facilitating transactions between various cybercriminals.

Europol coordinated the operation, dubbed Ratatouille, which dismantled XSS.is, a forum with over 50,000 members. The arrested suspect allegedly earned more than EUR 7 million by acting as a trusted escrow service, a function crucial to the forum's operation. XSS.is facilitated trades for malware authors, exploit sellers, spammers, and ransomware affiliates, providing a secure platform for criminal dealings. Analysis of a leaked database revealed a strong concentration of Cyrillic text and registrations from CIS-region domains, confirming its Russian-speaking user base. The busiest trading sections focused on web-application vulnerabilities, malware, exploit kits, and network access. The forum's activity pattern mirrored a typical workday, peaking between 09:00 and 13:00 UTC, aligning with Moscow working hours. The arrest and seizure of the associated "thesecure.biz" Jabber server represent a significant blow to cybercrime infrastructure, although the forum has since reappeared with diminished trust.

The exposure of user data, including nicknames, emails, and IP addresses, poses a lasting threat, enabling the creation of detailed dossiers on forum members. While the takedown removes a central hub, the underlying economy of access brokering and exploit sales continues to migrate to other platforms.

Source: Security Affairs
