Administrator Arrested and Charged in International Cybercrime Operation (critical) The suspected administrator of XSS.is, known by the alias 'Toha' (potentially Anton Gennadiyovych Medvedovsky), was arrested in Kyiv, Ukraine, on July 22, 2025. The arrest was the culmination of a four-year investigation led by French police, the Paris Prosecutor, Ukrainian law enforcement (SBU), and Europol.. Domain Seizure and Shutdown by Law Enforcement (critical) The primary domain, xss.is, was seized by law enforcement (French Brigade de Lutte Contre la Cybercriminalité and SBU Cyber Department) on or around July 22, 2025, and now displays a seizure notice. The forum was shut down due to its function as a major marketplace for stolen data, malware, and illicit services.. Operation as a Major Cybercrime Marketplace and RaaS Hub (critical) XSS.is was a notorious Russian-speaking cybercrime forum with over 50,000 registered users, serving as a key marketplace for stolen data, malware, exploits, and access to hacked systems. It was tightly connected to major forums like Exploit and RAMP, and served as a recruitment platform for Ransomware-as-a-Service (RaaS) groups, including REvil, LockBit, Conti, and Qiliin.. Illicit Financial Gain and Organized Extortion (critical) Authorities estimate the suspected administrator made over €7 million ($8.24 million) in profits from ad placements and service fees. Intercepted messages confirmed extensive illegal activity, including ransomware operations and organized extortion, facilitated through the platform's escrow and dispute resolution services.. Operation of Dedicated Secure Messaging Service for Criminals (high) The arrested administrator allegedly ran thesecure.biz, a private Jabber/XMPP messaging service built specifically for cybercriminals to communicate anonymously. French authorities intercepted data and messages through this service since early 2021, which was crucial to the investigation.