Type
Incident
Actors
Nickolas Sharp
Pub. date
January 1, 2020
Initial access
Insider threat
Impact
RansomOp
Observed techniques
Disable logging
References
https://www.justice.gov/usao-sdny/press-release/file/1452706/downloadhttps://www.cyberscoop.com/fbi-hack-ubiquit-nikolas-sharp/https://www.csoonline.com/article/3643650/ubiquiti-breach-an-inside-job-says-fbi-and-doj.htmlhttps://securityboulevard.com/2022/01/update-on-ubiquiti-data-breach-insider-suspected/https://www.theverge.com/2021/12/1/22812761/ubiquiti-data-breach-aws-doj-indictment-inside-job
Status
Finalized
Last edited
Jun 2, 2024 11:58 AM
In 2020, Ubiquiti, a company that manufactures and sells wireless data communication and wired products, suffered a data breach and an extortion attempt of nearly $2 million at the hands of a senior developer working for the company. The attacker set a 1-day retention policy on the S3 bucket used by CloudTrail, using an S3 Lifecycle Rule, in order to evade detection and hide evidence of his activity.