Genesis Market, an Online Marketplace for Stolen Information and Hive of Ransomware Operations, Taken Down by International Enforcement Agencies

Operation Cookie Monster

Genesis Market, a dark web operation that catered to criminals looking for stolen identities to pilfer bank accounts or pursue ransomware operations, has been taken down in a coordinated operation that involved many different enforcement agencies around the world.

The Federal Bureau of Investigation (FBI) Milwaukee Field Office investigated the case, partnering with 44 other field offices, along with the participation of the U.K. National Crime Agency, Italy’s Polizia de Stato, Police of Denmark, Australian Federal Police, Royal Canadian Mounted Police, Canada’s Sûreté du Québec, Romanian Police, Cybercrime Sub-directorate for French judicial police, Spain’s Policia Nacional, Spain’s Guardia Civil, Germany’s Federal Criminal Police Service, Swedish Police Authority, Poland’s Central Bureau for Combating Cybercrime, Dutch National Police, Finland’s National Bureau of Investigation, Switzerland’s Office of the Attorney General, Swiss Federal Police, Estonia’s Prosecutor General’s Office, Iceland’s Metropolitan Police, New Zealand Police, Eurojust, and Europol.

At the same time, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) took action to designate Genesis Market an illicit marketplace.

The Genesis Market is believed to be located in Russia, and as of February 1, 2023, there were approximately 460,000 packages listed for sale.

The US Department of Justice (DOJ) said that since 2018 Genesis Market has offered access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials. The information could be used to access financial services, social media accounts and other services that required authentication.

Genesis Market obtained and sold device “fingerprints,”  unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites. This digital information allowed purchasers to assume the identity of the victim by tricking third-party websites into thinking the Genesis Market user was the actual owner of the account.

Genesis Market was said to be one of the most prolific initial access brokers (IABs) in the cybercrime world enabling ransomware actors to attack computer networks globally.

Users of the criminal operation were located all over the world. As part of Operation Cookie Monster, law enforcement seized 11 domain names used to support Genesis Market’s infrastructure.

US Attorney General Merrick B. Garland called the takedown “unprecedented” as the global marketplace facilitated cybercriminals at an unprecedented level.

Deputy US Attorney General Lisa O. Monaco said that many of its users were arrested yesterday around the world. The marketplace promised anonymity but clearly fell short of its claims. Monaco added that in the past year, they have shuttered the darknet’s largest marketplaces including Hydra Market, and BreachForums.

FBI Director Christopher Wray said the enforcement action was emblematic of the FBI’s ability to leverage tech capabilities to track, pursue and arrest cyber criminals.


Victims can visit to see whether their credentials were compromised by Genesis Market so that they can know whether to change or modify passwords and other authentication credentials that may have been compromised.

Register Now
Sponsored Links by DQ Promote