Ukrainian authorities, with help from French police and Europol, have arrested a person suspected of running one of the largest Russian-language cybercrime hubs out there, XSS.is.
It all started with a long-running investigation that began in mid‑2021 in France. Prosecutors gradually traced encrypted logs and hacker chatter back to an individual living in Ukraine, culminating in their arrest on July 22, 2025.
XSS.is has been quietly operating since around 2013. The forum became notorious as a central marketplace for hijacked system access, malware, stolen credentials, ransomware kits and an encrypted Jabber channel hackers used to coordinate deals.
You might wonder how the biggest-ever Russian-language cybercrime board ended up with an admin based in Ukraine. The truth is, cybercriminals aren’t bound by borders. Ukraine’s large tech-savvy population and lax oversight may have created ideal conditions for operators like this to manage illicit activities without raising suspicion for years.
Inside XSS.is, users could browse and buy everything from data dumps and remote access trojans to ransomware deployment tools. Its encrypted Jabber server lets members communicate anonymously, making it a go-to platform for organising global cyberattacks.
As of July 2025, XSS.is had been online for over 12 years. That kind of longevity is rare in cybercrime. This arrest highlights how even entrenched networks can be infiltrated with sustained international cooperation.
Ex-DaMaGeLaB
This is not the first time the forum has had its administrator arrested. The forum originally launched in 2004 under the name DaMaGeLaB, a respected Russian-language hacking community. The site was briefly shut down in December 2017 after one of its administrators, Belarusian national Sergey Yarets, known on the forum as “Ar3s,” was arrested.
In late 2018, another prominent forum admin acquired a backup and relaunched it under the new name XSS, referencing the web‑security vulnerability “cross-site scripting.” Switching to the name XSS had two main purposes. First, it distanced the forum from its law‑enforcement-linked past tied to the DaMaGeLaB name. Second, it adopted a tech‑savvy rebrand by invoking a specific vulnerability known to its audience.
For now, XSS.is’s future looks uncertain. With its alleged administrator in custody, authorities in France and Ukraine have a chance to unravel the forum’s infrastructure and financial trail. Europol’s involvement adds weight to the operation and shows a growing international resolve to tackle cybercriminal networks.
Stay tuned, this article will be updated with more information.
