A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, which involved authorities from 17 countries, culminated in 119 arrests and 208 property searches in 13 nations. The “unprecedented” law enforcement exercise has been codenamed Operation Cookie Monster. Genesis Market, since its inception in March 2018, evolved into a major hub for criminal activities, offering access to data stolen from over 1.5 million compromised computers across the world totaling more than 80 million credentials. A majority of infections associated with Genesis Market related malware have been detected in the U.S., Mexico, Germany, Turkey, Sweden, Italy, France, Spain, Poland, Ukraine, Saudi Arabia, India, Pakistan, and Indonesia, among others, per data gathered by Trellix. Some of the prominent malware families that were leveraged to compromise victims encompass AZORult, Raccoon, RedLine, and DanaBot, which are all capable of stealing sensitive information from users’ systems. Also delivered through DanaBot is a rogue Chrome extension designed to siphon browser data. Genesis Market is the latest in a long line of illegitimate services that have been taken down by law enforcement.
Court documents reveal that the U.S. Federal Bureau of Investigation (FBI) gained access to Genesis Market’s backend servers twice in December 2020 and May 2022, enabling the agency to access information pertaining to about 59,000 users of the cybercrime bazaar. A year prior, the FBI was involved in the takedown of the Hydra marketplace. Since then, joint global operations have removed Mega, Blacksprut, Solaris, and Kraken markets. The FBI continually expresses the need for global law enforcement cooperation, and it seems they may have found a successful formula in disrupting darknet marketplaces. That being said, the fall of Genesis will only leave a void to be filled by a new emerging market. Binary Defense analysts continue to monitor for new and emerging darknet marketplaces to fully understand the current threat landscape.