Operation Cookie Monster, a coordinated international law enforcement operation, led to the dismantling of Genesis Market, an illegal online marketplace for stolen credentials. The operation involved authorities from 17 countries and resulted in 119 arrests and 208 property searches across 13 countries. Genesis Market was a prolific initial access broker (IAB) that offered access to data stolen from over 1.5 million computers worldwide, with more than 80 million credentials for sale. The .onion mirror of the market remains active despite the crackdown.
The market sold account access credentials connected to the financial sector, critical infrastructure, and government agencies, as well as device fingerprints used to circumvent anti-fraud detection systems. Law enforcement agencies gained access to Genesis Market’s backend servers and obtained information about 59,000 users. Prices for the stolen data ranged from as little as $0.70 to several hundred dollars, depending on the data’s nature, and buyers were offered additional tools to use it undetected.
The crackdown on Genesis Market is expected to have a ripple effect, but the emergence of STYX, a new dark web marketplace that offers similar services, shows that illegal services remain a profitable business. Threat actors are likely to seek alternative marketplaces to fill the void left by Genesis Market.