DOJ and OFAC Take Coordinated Action against Global Online Marketplace

The DOJ seized the online platform "Genesis Market," describing it as "one of the world’s largest illicit marketplaces" selling stolen account access credentials to cybercriminals on a global scale. In a coordinated action, OFAC designated the online marketplace on the Specially Designated Nationals and Blocked Persons Lists.

In a press release, the DOJ stated that it had seized the online platform, calling it one of the "most prolific" initial access brokers in the "cybercrime world." The DOJ explained that initial access brokers allow ransomware actors to attack computer networks in the United States by "easily infiltrat[ing] a victim’s computer system." Additionally, DOJ said, Genesis Market sold device "fingerprints," which are used to circumvent anti-fraud detection systems. The DOJ reported that the FBI seized 11 domain names used in connection with Genesis Market’s online operations.

In a coordinated action, OFAC designated Genesis Market pursuant to OFAC’s authority under Executive Order 13694. In a statement, OFAC said that Genesis Market was designated for engaging in cyber-enabled activity outside of the United States that poses a "significant threat to the national security, foreign policy, or economic health or financial stability of the United States." OFAC also said that Genesis Market is believed to be located in Russia and has both a clearnet (i.e., traditional internet) and darknet presence. According to OFAC, Genesis Market had listed approximately 460,000 individual packages of device credentials and related sensitive information for sale as of February 1, 2023.

Department of State Secretary Antony J. Blinken weighed in by "encourage[ing] all U.S. businesses to remain vigilant and enhance security and resilience efforts in the face of growing cybercriminal threat."