The U.S. Justice Department (DOJ) and Europol announced a coordinated international operation against Genesis Market, an online criminal marketplace that advertised and sold packages of account access credentials – such as usernames and passwords for email, bank accounts, and social media – that had been stolen from malware-infected computers around the world. It was an unprecedented law enforcement operation involving 17 countries.
Genesis Market offered access to data stolen from over 1.5M compromised computers worldwide and was a key enabler of ransomware.
Since its inception in March 2018, Genesis Market has offered access to data stolen from over 1.5 million compromised computers worldwide containing over 80 million account access credentials. Account access credentials advertised on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies. Genesis Market was also one of the most prolific initial access brokers (IABs) in cybercrime. IABs attract criminals looking to easily infiltrate a victim’s computer system. Genesis Market offered for sale the type of access sought by ransomware actors to attack computer networks worldwide.
Genesis Market was user-friendly, allowing users to search for stolen access credentials based on location and/or account type (e.g., banking, social media, email, etc.). In addition to access credentials, Genesis Market obtained and sold device “fingerprints,” which are unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites. The combination of stolen access credentials, fingerprints, and cookies allowed purchasers to assume the victim’s identity by tricking third-party websites into thinking the Genesis Market user was the actual owner of the account.
