Europol announced on Monday the arrest of suspected administrators of XSS.IS (formerly Damagelab), the infamous Russian-speaking cybercrime platform.
The arrests made in Kiev, Ukraine on July 222, 2025 were led by French police and Paris prosecutors, in cooperation with Ukrainian authorities and Europol. The lawsuit is the result of an investigation launched by French police in July 2021.
Coupled with the arrest, law enforcement controlled the clear net domain of XSS.IS and greeted visitors with seizure notifications.
“The forum with over 50,000 registered users served as a key market for stolen data, hacking tools and illegal services,” law enforcement said. “For a long time, it has been the core platform for some of the most active and dangerous cybercrime networks and has been used to coordinate, promote and recruit.”
In addition to engaging in technical operations for the services, the forum administrators are said to have made criminal acts possible by arbitrating disputes between criminals and ensuring the safety of the transaction by acting as a trustworthy third party.
Nameless individuals are believed to have run Biz, a private messaging platform specially built to meet the needs of cybercriminals. Through these illegal ventures, the suspect is estimated to have made a profit of 7 million euros ($8.24 million) from advertising and facilitation fees.
“Investigators believe he has been active in the cybercrime ecosystem for nearly 20 years and has maintained close ties with several key threat actors over the years,” Europol added.
According to Paris prosecutors, XSS.sssss has been active since 2013 and serves as a hub for all this cybercrime, from compromised systems to ransomware-related services. They also provided an encrypted Jabber messaging server that allows cybercriminals to communicate anonymously.
XSS.IS, along with exploits, serves as the backbone of the Russian-speaking cybercrime ecosystem, with threat actors in these forums predominantly picking out non-Russian-speaking countries. Data shared by Kela shows that XSS currently has 48,750 registered users and over 110,000 threads.
“The forum has a reputation system built into it to promote illegal trade,” Kera said. “Members can use the forum-appointed escrow services to help them complete transactions and add deposits without fraud to contribute to their reputation.”
The development comes a week after the operation of Europol LED disrupted the online infrastructure associated with a pro-Russian hacktivist group known as NonMAME057 (16), with two arrests being made to carry out a denial of dispersal (DDOS) attack on Ukraine and its allies using a volunteer-driven GO-based tool called DDOSIA.
In a report released this week, the recorded Future Insikt group said between July 1, 2024 and July 14, 2025, it targeted 3,776 unique hosts of government, public sector, transportation, technology, media and financial entities in European countries opposed Russia’s invasion of Ukraine.
The Ukrainian organization accounted for the largest share of the target (29.47%), followed by France (6.09%), Italy (5.39%), Sweden (5.29%), Germany (4.60%), Israel (4.50%), Israel (4%), Cechia (4%), UK (4%) and the UK (3.30%). The US is a notable exclusion despite its support for Ukraine.
A broad analysis of NONAME057 (16) infrastructure has given us a wealth of resilient, multi-tier architectures consisting of rapidly rotating tier 1 command and control (C2) servers and tier 2 servers protected by access control lists (ACLs) (ACLs) that restrict upstream access and maintain trusted C2 capabilities. A maximum of 275 unique tier 1 has been identified during the period.
“The threat groups maintain a high operational tempo, average 50 unique targets each day, maintaining a fierce burst of activities correlated with Ukraine’s geopolitical and military development,” said the Mastercard-owned cybersecurity company.
“NONAME057 (16) uses a mix of network and application layer DDOS attacks and chooses a method designed to overwhelm server resources and destroy availability. Threat group attack methodology is simple yet effective, prioritizing mass flooding and resource emission techniques.”
Source link
