Cybercrime Crackdown: FBI Arrests 119 Individuals in Genesis Market Operation
An international law enforcement operation has taken down Genesis Market, a notorious illegal online marketplace that traded in stolen credentials such as email, bank account, and social media platform information.
The operation, codenamed Operation Cookie Monster, involved 17 countries and resulted in 119 arrests and 208 property searches across 13 nations. Since its inception in March 2018, Genesis Market has become a major hub for criminal activities, offering access to data stolen from over 1.5 million compromised computers worldwide, totalling more than 80 million credentials. The US Department of Justice (DoJ) called it one of the “most prolific initial access brokers (IABs) in the cybercrime world.”
Despite the infrastructure seizure, the .onion mirror of the market appears to be still up and running. Genesis Market was accessible over the clearnet, making it easier for lesser-skilled threat actors to obtain digital identities to breach individual accounts and enterprise systems.
The market sold packages of stolen information harvested from infected computers (bots) for anywhere from $0.70 to several hundred dollars, depending on the nature of the data. Europol and Eurojust noted that the most expensive packages would contain financial information that would allow access to online banking accounts.
Buyers were also provided with additional tools to use the data without attracting attention. Europol stated that they received a custom browser that would mimic that of their victim, allowing them to access the victim’s account without triggering any security measures from the platform the account was on. The proprietary Chromium-based browser, referred to as Genesium, is cross-platform and is claimed to have features such as “anonymous surfing” and other advanced functionalities that permit its users to bypass anti-fraud systems.
Genesis Market also peddled device fingerprints, including unique identifiers and browser cookies, to help threat actors circumvent anti-fraud detection systems used by many websites. According to the DoJ, account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies. The US Treasury Department sanctioned the criminal shop, describing it as a “key resource” used by threat actors to target US government organisations.
The take-down of Genesis Market is expected to have a ripple effect throughout the underground economy as threat actors search for alternatives to fill the void left by the market. Genesis Market is the latest in a long line of illegitimate services that have been taken down by law enforcement, and its take-down arrives exactly a year after the dismantling of Hydra, which was felled by German authorities in April 2022, an action that created a “seismic shift in the Russian-language darknet marketplace landscape.”
The development follows the launch of a new dark web marketplace known as STYX that’s primarily geared towards financial fraud, money laundering, and identity theft.