Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLab), a notorious Russian-speaking cybercrime platform.
The arrest, which took place in Ukraine on July 22, 2025, was led by the French police and the Paris prosecutor in collaboration with Ukrainian officials and Europol. The action is the result of an investigation that the French police opened in July 2021.
Coupled with the arrest, law enforcement has also taken control of the clearnet domain of XSS.is, greeting visitors with a seizure notice: “This domain has been seized by la Brigade de Lutte Contre la Cybercriminalité with the help of SBU Cyber Department.”
“The forum, which had more than 50,000 registered users, served as a major market for stolen data, hacking tools and illegal services,” said the law enforcement agency. “It has long been a central platform for some of the most active and dangerous cybercriminal networks, used to coordinate, advertise and recruit.”
In addition to engaging in the technical operation of the service, the forum’s administrator is said to have enabled criminal activity by acting as a trusted third party to mediate between criminals and guarantee the security of transactions.
The unnamed individual is also believed to have run a private messaging platform designed specifically to meet the needs of cybercriminals. Through these illegal enterprises, the suspect is estimated to have made €7 million ($8.24 million) in profit from advertising and facilitation fees.
“Investigators believe that he has been active in the cybercrime ecosystem for almost two decades, and has maintained a close relationship with many major threat actors over the years,” Europol said.
According to the Paris prosecutor, XSS.is has been active since 2013, acting as a hub for all things cybercrime, ranging from access to compromised systems to ransomware-related services. It also offered an encrypted Jabber messaging server that allowed cybercriminals to communicate anonymously.
XSS.is, along with Exploit, has served as the backbone of the Russian-speaking cybercriminal ecosystem, with threat actors on these forums mainly singling out non-Russian-speaking countries. Data shared by KELA suggests that XSS currently has 48,750 registered users and over 110,000 threads.
“To facilitate illegal transactions, the platform has an underlying reputation system,” KELA said. “Members can use a platform-managed escrow service to ensure that the deals are completed without scams, as well as add a deposit, contributing to their reputation.”
The Europol-led operation comes a week after an operation that disrupted the online infrastructure associated with a pro-Russian hacktivist group known as NoName057(16) and led to the arrest of two people for conducting volunteer-driven distributed denial-of-service (DDoS) attacks.
In a report published this week, Recorded Future’s Insikt Group said that the group targeted 3,776 unique hosts between July 1, 2024 and July 14, 2025, mainly government, public sector, transport, technology, media and financial institutions in European countries opposing Russia’s invasion of Ukraine.
Ukrainian organizations accounted for the largest share of the targets (29.47%), followed by France (6.09%), Italy (5.39%), Sweden (5.29%), Germany (4.60%), Israel (4.50%), Czechia (4%), Poland (4%), and the United Kingdom (3.30%). The United States is a notable exclusion, despite its support for Ukraine.
A comprehensive analysis of NoName057(16)’s infrastructure revealed a resilient, multi-tiered architecture that includes rapidly rotated Tier 1 command-and-control (C2) servers and Tier 2 servers protected by access control lists (ACLs) to limit upstream access and maintain reliable C2 functionality. In total, 275 unique Tier 1 servers have been identified during the time period.
“The threat group maintains a high operating tempo that averages 50 unique targets daily, with rapid bursts of activity corresponding to geopolitical and military developments in Ukraine,” the Mastercard-owned cybersecurity company said.
“NoName057(16) uses a mixture of network- and application-layer DDoS attacks, selecting methods designed to overwhelm server resources and interrupt availability. The threat group’s attacks are straightforward, but prioritize high-volume floods and resource exhaustion techniques.”