Menu
Browse

Cyber Threat Actor: herbapproach

Actor Type Location Known Incidents
 Icon
Criminal
Canada
1 incident
Profile

The threat actor tracked underthe alias herbapproach has been identified as operating from Canada. All publicly known activity linked to this alias concerns a single extortion incident targeting a Canadian medical marijuana delivery service. The victim organization operates within the regulated cannabis‑related healthcare sector, which processes personal health information and customer payment data. In the reported case, herbapproach’s motive was explicitly financial, as the actors demanded a payment to prevent the disclosure of customer data. No additional sectors, regions, or victim types have been attributed to herbapproach in open‑source reporting.

The attack commenced with an email sent by herbapproach that contained the extortion demand and served as the initial point of contact. Upon receiving the email, the victim took its website offline, deleted stored customer identification records, and enlisted a third‑party security firm to hunt down and remove malware and any other compromises. Although the specific malware family or tools used were not named in the public account, the requirement for malware eradication confirms that malicious code was planted on the victim’s systems. The victim subsequently suspended all new orders and member benefits indefinitely while prioritizing the fulfillment of already paid orders, and the company publicly denied any involvement in an exit scam while stressing its commitment to customer privacy. Open‑source sources do not connect herbapproach to a state sponsor, criminal alliance, or larger hacking group, leaving its affiliation unverified beyond the alias itself. The March 9 2018 extortion against the medical marijuana delivery service remains the sole documented operation associated with herbapproach, illustrating its reliance on email‑based extortion, deployment of malware for leverage, and a clear financial objective.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources