Type: Incident
Actors:
Pub. date: January 1, 2020
Initial access: Insider threat
Impact: RansomOp
Observed techniques:
References:
https://www.justice.gov/usao-sdny/press-release/file/1452706/download
https://www.cyberscoop.com/fbi-hack-ubiquit-nikolas-sharp/
https://www.csoonline.com/article/3643650/ubiquiti-breach-an-inside-job-says-fbi-and-doj.html
https://securityboulevard.com/2022/01/update-on-ubiquiti-data-breach-insider-suspected/
https://www.theverge.com/2021/12/1/22812761/ubiquiti-data-breach-aws-doj-indictment-inside-job
Status: Finalized
Last edited: Jun 2, 2024 11:58 AM

In 2020, Ubiquiti, a company that manufactures and sells wireless data communication and wired products, suffered a data breach and an extortion attempt of nearly $2 million at the hands of a senior developer working for the company. The attacker set a 1-day retention policy on the S3 bucket used by CloudTrail, using an S3 Lifecycle Rule, in order to evade detection and hide evidence of his activity.
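
A detection for the lifecycle-rule technique described above, as an added example that is not part of the original entry: it scans CloudTrail management events for `PutBucketLifecycle` calls that set a short expiration on a bucket holding trail logs. The bucket names, principal ARN, retention floor and sample events are constructed, and the `requestParameters` layout is an assumption about how these events are logged.

```python
# Constructed CloudTrail management events (sample data, not from the incident).
# Assumption: the rule appears under requestParameters.LifecycleConfiguration.Rule,
# as a single object or a list, with Expiration.Days as a number or string.
TRAIL_BUCKETS = {"example-cloudtrail-logs"}  # hypothetical bucket name
MIN_RETENTION_DAYS = 90                      # assumed retention floor

def _event(name, bucket, rules=None, arn="arn:aws:iam::111122223333:user/dev-example"):
    params = {"bucketName": bucket}
    if rules is not None:
        params["LifecycleConfiguration"] = {"Rule": rules}
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "eventTime": "2020-01-01T00:00:00Z",
            "userIdentity": {"arn": arn}, "requestParameters": params}

SAMPLE_EVENTS = [
    _event("PutBucketLifecycle", "example-cloudtrail-logs",
           {"ID": "r1", "Status": "Enabled", "Expiration": {"Days": 1}}),
    _event("PutBucketLifecycle", "example-cloudtrail-logs",
           [{"ID": "keep", "Status": "Enabled", "Expiration": {"Days": "365"}},
            {"ID": "off", "Status": "Disabled", "Expiration": {"Days": 1}}]),
    _event("PutBucketLifecycle", "example-app-assets",
           {"ID": "tmp", "Status": "Enabled", "Expiration": {"Days": 1}}),
    _event("PutObject", "example-cloudtrail-logs"),
]

def short_retention_findings(events, trail_buckets=TRAIL_BUCKETS,
                             min_days=MIN_RETENTION_DAYS):
    """Return one finding per enabled rule that expires trail logs too early."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("s3.amazonaws.com", "PutBucketLifecycle"):
            continue
        params = ev.get("requestParameters") or {}
        if params.get("bucketName") not in trail_buckets:
            continue
        rules = (params.get("LifecycleConfiguration") or {}).get("Rule") or []
        for rule in rules if isinstance(rules, list) else [rules]:
            days = (rule.get("Expiration") or {}).get("Days")
            if rule.get("Status") == "Enabled" and days is not None and int(days) < min_days:
                findings.append({"time": ev.get("eventTime"),
                                 "principal": (ev.get("userIdentity") or {}).get("arn"),
                                 "bucket": params["bucketName"],
                                 "rule_id": rule.get("ID"), "expire_days": int(days),
                                 "applied": not ev.get("errorCode")})
    return findings

if __name__ == "__main__":
    for f in short_retention_findings(SAMPLE_EVENTS):
        print(f)
```

Because the trail bucket itself is what gets expired, a check like this is only useful if it runs on a copy of the events delivered outside that bucket.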