Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) took action to designate Genesis Market, one of the world’s largest illicit marketplaces, for its part in the theft and sale of device credentials and related sensitive information. Genesis Market gains unauthorized access to victim devices and offers stolen data, including usernames and passwords, for sale. This action was coordinated with the U.S. Department of Justice (DOJ) and international partners from a dozen countries, who are taking law enforcement actions against Genesis Market users across multiple jurisdictions and seizing the website domains associated with Genesis Market. Genesis Market operates a criminal marketplace and is believed to be located in Russia. It has both a clearnet (traditional internet) and a darknet presence and is one of the most prominent brokers of stolen credentials and other sensitive information. Genesis Market identifies victim computer systems and gains unauthorized access to them, selling this access to cybercriminals for further exploitation. Its website compiles stolen victim data—including computer and mobile device identifiers, email addresses, usernames, passwords, and other credentials—from malware-infected systems around the globe and packages it for sale. As of February 1, 2023, there were approximately 460,000 packages listed for sale on Genesis Market, each of which represents a single, compromised victim computer or device. These packages contain stolen passwords and personal information for a variety of online accounts, including email, social media, and video streaming platforms, among others.
Genesis Market sells stolen credentials from leading U.S. and international companies and facilitates cybercrimes against them. In June 2021, a U.S. company was breached by hackers who stole sensitive data, including a software engine and source code. The hackers were able to access the U.S. company’s system because of a cookie purchased from Genesis Market.
Genesis Market has also been used by cybercriminals to target U.S. government organizations.
Genesis Market is being designated pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
Executive Order 13694 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities;
Executive Order 13757 Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities
On December 31, 2015, OFAC issued the Cyber-Related Sanctions Regulations, 31 CFR part 578 (80 FR 81752, December 31, 2015) (the “Regulations”) to implement Executive Order (E.O.) 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” (80 FR 18077, April 2, 2015), pursuant to authorities delegated to the Secretary of the Treasury in E.O. 13694. The Regulations were initially issued in abbreviated form for the purpose of providing immediate guidance to the public. OFAC is revising the Regulations to further implement E.O. 13694, as amended by E.O. 13757 of December 28, 2016, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (82 FR 1, January 3, 2017), as well as certain provisions of title II of the Countering America's Adversaries Through Sanctions Act (Pub. L. 115–44, 131 Stat. 886 (codified in scattered sections of 22 U.S.C.)) (CAATSA). OFAC is amending and reissuing the Regulations as a more comprehensive set of regulations that includes additional interpretive guidance and definitions, general licenses, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Regulations in their entirety.
E.O. 13694, as Amended by E.O. 13757. On April 1, 2015, the President, invoking the authority of, inter alia, the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), issued E.O. 13694. In E.O. 13694, the President determined that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and declared a national emergency to deal with that threat.
On December 28, 2016, the President issued E.O. 13757 to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities declared in E.O. 13694. E.O. 13757 added an Annex to E.O. 13694 and amended section 1 of E.O. 13694 by replacing section 1(a) in its entirety.
