Cyber Threat Actor: [email protected]
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
0 incidents |
|---|
Profile
The threat actor is known primarily by the email address [email protected], which was used to deliver an extortion demand to a Canadian medical marijuana delivery service. Open‑source reporting indicates that the actor’s location is identified as Russia, though no further personal details or organizational affiliations have been disclosed in publicly available sources. The alias appears in the context of a single reported incident where it served as the point of contact for a ransom‑style threat. No additional aliases or handles are referenced in the material provided.
The actor’s observed targeting involves a Canadian business operating in the medical marijuana sector, specifically a delivery service that handles customer personal information and transaction data. The strategic objective demonstrated in the incident is financial gain, as the actor demanded payment to prevent the alleged leak of customer data. The extortion message explicitly framed the demand as a means to avoid a data breach, indicating a monetization motive rather than espionage or pure disruption. The geographic focus of the activity, based on the victim’s location, is North America, although the actor’s own location is noted as Russia. No other sectors or regions are mentioned in the available reporting.
Regarding tactics, techniques and procedures, the actor’s activity included the deployment of malware on the victim’s website, which necessitated the involvement of a security company to remove the malicious code and address other hacks. The actor also threatened to release customer information unless a payment was made, illustrating an extortion‑driven approach that combines data‑theft threats with financial coercion. The victim responded by taking the website offline and removing all identification data, suggesting the actor’s actions caused operational disruption and forced remedial measures. No specific malware families, exploit tools, or initial access vectors are named in the source material, so only the general use of malware and extortion can be confirmed. Attribution beyond the stated Russian location is not established in public sources; there is no explicit link to a state sponsor, criminal consortium, or larger threat‑actor group disclosed in the reporting. The only publicly reported operation associated with [email protected] is the extortion incident against JJ Meds, which serves as the sole documented example of the actor’s activity. This case remains the primary reference for understanding the actor’s behavior based on the evidence provided.
