Cloud Threat Landscape

Last Updated: April 3, 2025


Ubiquiti incident

Type: Incident
Actors: Nickolas Sharp
Pub. date: January 1, 2020
Initial access: Insider threat
Impact: RansomOp
Observed techniques: Disable logging
References:
  • https://www.justice.gov/usao-sdny/press-release/file/1452706/download
  • https://www.cyberscoop.com/fbi-hack-ubiquit-nikolas-sharp/
  • https://www.csoonline.com/article/3643650/ubiquiti-breach-an-inside-job-says-fbi-and-doj.html
  • https://securityboulevard.com/2022/01/update-on-ubiquiti-data-breach-insider-suspected/
  • https://www.theverge.com/2021/12/1/22812761/ubiquiti-data-breach-aws-doj-indictment-inside-job
Status: Finalized
Last edited: Jun 2, 2024 11:58 AM

In 2020, Ubiquiti, a company that manufactures and sells wireless data communication and wired products, suffered a data breach and an extortion attempt of nearly $2 million at the hands of a senior developer working for the company. The attacker set a 1-day retention policy on the S3 bucket used by CloudTrail, using an S3 Lifecycle Rule, in order to evade detection and hide evidence of his activity.
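
A defensive check for the lifecycle setting described above, as an added example that is not part of the original page: it audits a bucket's lifecycle configuration, in the shape boto3's `get_bucket_lifecycle_configuration` returns, for enabled rules that expire CloudTrail log objects too soon. The 90-day floor, the `AWSLogs/` log prefix, and the sample rules are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MIN_RETENTION_DAYS = 90  # assumed policy floor for audit logs; use your own requirement

# Constructed sample, shaped like a get_bucket_lifecycle_configuration response.
SAMPLE = {"Rules": [
    {"ID": "expire-all", "Status": "Enabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 1}},
    {"ID": "archive-tmp", "Status": "Enabled", "Filter": {"Prefix": "tmp/"},
     "Expiration": {"Days": 1}},
    {"ID": "old-rule", "Status": "Disabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 1}},
    {"ID": "keep-a-year", "Status": "Enabled", "Filter": {"Prefix": "AWSLogs/"},
     "Expiration": {"Days": 365},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 7}},
]}


def rule_prefix(rule):
    """Return the key prefix a rule is scoped to ('' means the whole bucket)."""
    flt = rule.get("Filter") or {}
    if "And" in flt:
        return flt["And"].get("Prefix", "")
    # Older configurations carry Prefix on the rule itself instead of in Filter.
    return flt.get("Prefix", rule.get("Prefix", ""))


def short_retention_findings(lifecycle, log_prefix="AWSLogs/", now=None):
    """List (rule id, object version kind, days) for rules that delete logs too early."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue  # disabled rules delete nothing
        prefix = rule_prefix(rule)
        # The rule touches the logs if its prefix covers, or sits under, the log prefix.
        if not (log_prefix.startswith(prefix) or prefix.startswith(log_prefix)):
            continue
        exp = rule.get("Expiration", {})
        days = exp.get("Days")
        if days is None and "Date" in exp:
            # Date-based expiry: a date already in the past expires everything now.
            days = max((exp["Date"] - now).days, 0)
        nc_days = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        for kind, value in (("current", days), ("noncurrent", nc_days)):
            if value is not None and value < MIN_RETENTION_DAYS:
                findings.append((rule.get("ID", "<no id>"), kind, value))
    return findings


if __name__ == "__main__":
    for finding in short_retention_findings(SAMPLE):
        print(finding)
```

Rules scoped only by tag or object size are treated as bucket-wide here, which errs toward reporting.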