cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Major cyber criminal marketplace shut down by law enforcement worldwide

Global law enforcement agencies have banded together to take down one of the largest criminal marketplaces in existence, known for selling stolen credentials.

user icon Daniel Croft
Thu, 06 Apr 2023
Major cybercriminal marketplace taken down by law enforcement worldwide
expand image

Genesis Market, which has had a presence on both the clear web and the dark web since 2017, is one of the most well-known marketplaces that host stolen credentials and information obtained through cyber theft, with the data being sold used by criminals to launch attacks.

“The Genesis Market is a prime example of how in a post-COVID world, more than ever before, cyber threats to consumers can swiftly become cyber threats to enterprises,” said the head of threat intelligence at the Trellix Advanced Research Centre, John Fokker.

“The numerous accounts for sale on the cyber criminal marketplace that included corporate emails represent the very cyber security challenge of having a dispersed workforce using personal devices for their jobs.”


The international investigation and takedown, known as Operation Cookie Monster, was led by the FBI and saw Europol, Dutch Police, and the AFP in conjunction with state law enforcement.

The takedown saw hundreds of users approached and/or arrested. Under the Australian wing of the operation, Operation Zinger, the AFP and state police together executed 24 search warrants and arrested 10 people across three states.

Police have said that one Victorian man who was arrested is the “most prolific purchaser of compromised information in Australia”, according to an AFP press release.

The AFP has said that investigations are ongoing and that more arrests are expected over the coming weeks.

“Don’t think that because we haven’t knocked on your door yet, we won’t be at all. If you have used this website to purchase stolen data to commit cyber crime or fraud offences, then we will find you, and we will be paying you a visit,” said Assistant Commissioner Cyber Command Scott Lee.

According to Lee, Genesis Market had the potential to cause $46 million in damages to the Australian community, and investigators have identified 36,000 compromised Australian devices on the market. The total number of victims is still being determined.

“If you used this website to purchase stolen information in the belief that you’re anonymous or that police don’t take it seriously, you are mistaken. This operation proves we are committed to stamping out cyber crime at every level,” added Lee.

Taking down one of the largest criminal markets is expected to have an effect on the cyber climate worldwide, as threat actors lose a key method of gaining stolen credentials and the keys to thousands of networks and systems across the globe.

“This global takedown of the largest online cyber criminal marketplace of its kind will have a notable impact on the activities of cyber criminals focused on stolen credential usage for the rest of the year,” added Fokker.

“The Genesis Market lowered the barrier to entry for many cyber criminals, and allowed others to scale their operations quickly and execute focused attacks for quick financial gains. Not even counting the arrests of Genesis Market users, simply the loss of this platform will slow down many cyber criminal activities.”

Customers of the invite-only criminal marketplace were able to buy digital browser fingerprints that featured IP addresses, session cookies, OS details and plugins so that a threat actor is able to impersonate a victim’s browser and access their banks and other logged-in services without passwords of two-factor authentication.

In addition, Genesis said that following a purchase, these fingerprints are kept updated, provided access to the compromised device is maintained.

“Genesis customers aren’t making a one-time buy of stolen information of unknown vintage; they’re paying for a de facto subscription to the victim’s information, even if that information changes,” said senior threat researcher at Sophos, Yusuf Arslan Polat.

For context, Genesis Market offered cyber criminals access to over 1.5 million compromised devices at the time of takedown, allowing customers to access information of dozens of accounts per device.

As a way to allow individuals to determine whether their personal details have been compromised, the Dutch Police have developed an online portal, which can be found here.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.