Full Report
The U.S. Department of the Treasury has imposed sanctions on Iranian national Behrouz Parsarad, the sole administrator of Nemesis, a darknet marketplace that facilitated the sale of illegal drugs, hacking services, and false identification documents. This action follows the marketplace’s takedown in a global law enforcement operation in 2024. A Darknet Marketplace for Crime Nemesis, founded in 2021, was a criminal enterprise with over 30,000 active users and 1,000 vendors. According to U.S. officials, the marketplace facilitated transactions worth nearly $30 million, including fentanyl sales in the United States and abroad. Designed with built-in money laundering features, darknet provided a safe haven for cybercriminals and drug traffickers. “As the administrator of the Nemesis darknet marketplace, Parsarad sought to build—and continues to try to re-establish—a safe haven to facilitate the production, sale, and shipment of illegal narcotics like fentanyl and other synthetic opioids,” stated Acting Under Secretary for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, in partnership with U.S. law enforcement, will use all available tools to dismantle these darknet marketplaces and hold accountable the individuals who oversee them.” Darknet allowed criminals to sell fentanyl, often laced with other substances and provided professional hacking services that enabled buyers to take control of victims’ online accounts. The marketplace’s encrypted nature allowed users to operate anonymously, making it a major player in global cybercrime. International Crackdown and Sanctions In March 2024, U.S., German, and Lithuanian law enforcement agencies coordinated a joint operation to seize Nemesis’ servers, effectively shutting down the marketplace. However, authorities report that Parsarad has been actively trying to rebuild a similar platform and has been in contact with former vendors. OFAC’s action marks its first designation as a member of the FBI-led Joint Criminal Opioid and Darknet Enforcement (JCODE) Team. The designation was made under Executive Order (E.O.) 14059, which targets individuals and entities contributing to the proliferation of narcotics. OFAC’s move aligns with previous actions against other illicit marketplaces, including the shutdown of Genesis Market in 2023 and Hydra Market in 2022. Financial Networks Under Scrutiny In addition to sanctioning Parsarad, OFAC has identified 49 virtual currency addresses linked to his financial activities. These addresses were allegedly used to launder funds for narcotics traffickers and cybercriminals, generating millions of dollars in illicit revenue. Treasury officials emphasized that darknet marketplaces are crucial to the global drug trade. A recent Financial Crimes Enforcement Network (FinCEN) advisory, published on June 20, 2024, highlighted how criminal organizations use these platforms to distribute precursor chemicals and synthetic opioids, worsening the fentanyl crisis in the United States. Nemesis Marketplace: Implications of the Sanctions The sanctions against Parsarad have significant consequences. All property and interests linked to him within the United States or under U.S. control are now blocked. Additionally, entities that are at least 50% owned by Parsarad are also subject to these restrictions. Financial institutions and individuals engaging with the sanctioned entity may face severe penalties. Under U.S. law, transactions involving designated persons are generally prohibited unless authorized by OFAC. This includes providing financial assistance, goods, or services to Parsarad or entities under his control. Violations of these sanctions could lead to civil or criminal penalties, with OFAC emphasizing strict enforcement. The Treasury Department warned that non-U.S. individuals and businesses must also comply with these restrictions to avoid potential repercussions. A Step Forward in Stopping Darknet Crime The action against Parsarad and Nemesis follows a broader effort to stop cyber-enabled crime and narcotics trafficking worldwide. By targeting the financial infrastructure behind these illicit platforms, law enforcement agencies aim to curb the reach of cybercriminals and drug traffickers. While Parsarad may attempt to rebuild, authorities have signaled their resolve to track and dismantle such operations. With darknet marketplaces playing a critical role in global cybercrime, Treasury officials stress that coordinated international action remains essential. As the fight against online crime continues, the sanctions against Parsarad mark another significant step in securing the digital landscape from illicit activities.
Analysis Summary
# Threat Actor: Nemesis Marketplace Operator (Potentially Parsarad)
## Attribution & Identity
The primary subject of the action is the Iranian administrator behind the "Nemesis Marketplace." This individual is identified as **Parsarad** (full name context suggests at least last name information is available, but only "Parsarad" is clearly mentioned in the sanctions context). The activity is linked to Iranian operations, specifically concerning darknet crime.
## Activity Summary
The activity summary focuses on the enforcement action taken against the individual rather than detailing a specific cyber campaign by the actor themselves.
* **Action Taken:** The U.S. Treasury Department sanctioned Parsarad for his role in operating the "Nemesis Marketplace."
* **Implication:** This action targets the financial infrastructure supporting illicit cyber and narcotics trafficking platforms.
## Tactics, Techniques & Procedures
The article focuses primarily on the *outcome* (sanctions) and the *nature* of the platform (darknet marketplace) rather than specific offensive TTPs used by Parsarad in a traditional cyber attack sense.
* **Operational Focus:** Operating an illicit darknet marketplace (Nemesis).
* **Associated Crime:** Facilitating cybercrime and narcotics trafficking through the marketplace infrastructure.
## Targeting
* **Sectors:** General darknet participants, cybercriminals, and narcotics traffickers using the platform.
* **Geography:** The operator is identified as Iranian. The sanctions affect entities and individuals within the United States or under U.S. control, and warn non-U.S. individuals/businesses of compliance risk.
* **Victims:** The victims are those affected by the cybercrime and narcotics trafficking facilitated by the marketplace.
## Tools & Infrastructure
* **Malware families used:** Not specified.
* **Infrastructure (C2, domains, IPs):** The key infrastructure mentioned is the **Nemesis Marketplace**, which is a darknet market platform. No specific IP addresses or domains are provided (defanged).
## Implications
The sanctions against Parsarad signal a serious intent by the U.S. Treasury to disrupt the **financial infrastructure** supporting cybercrime and illicit trafficking facilitated through darknet markets. This action has significant **extraterritorial implications**, warning global financial institutions and businesses about the punitive consequences of engaging in transactions with the designated individual or entities he controls (owning 50% or more). Authorities have stated they will continue tracking and dismantling such operations.
## Mitigations
The mitigation advice listed is externally imposed by the government agencies (OFAC) rather than technical defense advice:
* **Compliance:** Financial institutions and individuals must comply with OFAC restrictions; transactions involving designated persons are generally prohibited unless authorized.
* **Due Diligence:** Non-U.S. individuals and businesses must comply with U.S. restrictions to avoid potential civil or criminal penalties.