After recent takedowns or disruptions of BreachForums and Hydra, the infamous Genesis Market is the latest to be shut down

An infamous “browser cookie market” known as Genesis Market was disrupted on 4 and 5 April when a law enforcement taskforce comprising agencies from 17 countries – including the FBI, Europol and the Dutch Police – searched premises where users were either arrested or interrogated.

Genesis Market had been around since 2018 and was the largest ‘by invitation only’ underground marketplace that facilitated the trading of login credentials, browser fingerprints and browser cookies. Under the moniker GenesisStore, the Genesis team advertised on several (predominantly Russian-speaking) underground forums.

Over the years, Genesis Market had been linked to a wide variety of malware families, including info stealers such as AZORult, Raccoon, Redline and DanaBot. As recently as February 2023, the dark marketplace was actively recruiting sellers of such malware.

John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center, commented: “The Genesis Market is a prime example of how in a post-COVID world, more than ever before, cyberthreats to consumers can swiftly become cyberthreats to enterprises. The numerous accounts for sale on the cybercriminal marketplace that included corporate emails represent the very cybersecurity challenge of having a dispersed workforce using personal devices for their jobs. Enterprises and organizations should enforce strict password management and MFA for remote employees, ensuring employees leverage VPNs on their work devices to protect themselves and their employers.”

In a statement from the US Department of Justice on the takedown exercise, codenamed Operation Cookie Monster, the assault on these “initial access brokers” (IABs) involved 11 domain name seizures, 119 arrests and “208 property searches and 97 knock-and-talk measures.” In the United Kingdom, 24 arrests took place, while the Dutch National Police even offer a service for the public to check if their email address is vulnerable. Another hack alert website, Have I Been Pwned, has also been provided with lists of Genesis Market victims for people around the world to check against.

This latest takedown follows similar raids on BreachForums and Hydra, all dark net marketplaces. According to FBI Director Christopher Wray, the crackdown is a demonstration of the agency’s “commitment to disrupting and dismantling key services used by criminals to facilitate cybercrime” and “ability to leverage technical capabilities and (international partnerships) to take away the tools cyber criminals rely on to victimize people all across the world.”