The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.
The French authorities state that the investigation was opened roughly four years ago, uncovering activities related to ransomware and other cybercrimes, which yielded multi-million-dollar profits.
This was despite the forum publicly banning all ransomware topics on the platform in May 2021.
"The investigation, opened on July 2, 2021, by the cybercrime division of the Paris prosecutor's office and assigned to the Cybercrime Brigade of the judicial police of the Paris police prefecture, led to the implementation of judicial wiretaps on the Jabber server thesecure.biz," reads the announcement.
"The intercepted messages revealed numerous illicit activities related to cybercrime and ransomware, and established that they had generated at least 7 million dollars in profit."
Jabber is an encrypted messaging platform that utilizes the XMPP protocol and is popular among threat actors as a means of communication. According to the French police, they were able to breach the 'thesecure.biz' server to spy on communications between users on the platform.
These surveilled communications led to the opening of a judicial investigation on November 9, 2021, for complicity in attacks on data processing systems, extortion, and criminal conspiracy.
A second later interception identified the forum's alleged administrator, leading to on-site deployment of agents in September 2024. The suspect was arrested yesterday by Ukrainian police, in the presence of French officers and with the assistance of Europol.
Image from the arrest and computers' examination
Source: Europol
... continue reading