3 December 2021

Former Ubiquiti dev tried to extort his employer posing as a hacker


A security breach at New York-based networking device maker Ubiquiti, which first came to light in January 2021, was allegedly orchestrated by a former employee of the technology firm, according to the U.S. Department of Justice.

Nickolas Sharp, 36, was arrested on December 1 on charges of stealing gigabytes of confidential information from the company and using it to demand nearly $2 million in ransom.

According to the indictment, Sharp was working as a senior developer and had access to Ubiquiti’s Amazon Web Services (AWS) and GitHub servers. In December 2020, the defendant downloaded gigabytes of confidential data from his employer, using the Surfshark VPN service to mask his IP address.

In January, Sharp attempted to extort his employer, posing as an anonymous hacker who claimed to have obtained unauthorized access to the company’s network. The ransom note sent by Sharp demanded 50 Bitcoin (nearly $1.9 million at the time) in exchange for the return of the stolen data and information on the purported vulnerability in Ubiquiti’s network.

After the company refused to pay the ransom, Sharp published a portion of the stolen data on a publicly accessible online platform.

In March, Sharp, posing as an anonymous whistleblower, falsely told media outlets that the data had been stolen by an unidentified hacker, according to the DoJ. Following the publication of these articles, the company’s stock price fell approximately 20%, losing over $4 billion in market capitalization.

Sharp has been charged with transmitting a program to a protected computer that intentionally caused damage, transmission of an interstate threat, wire fraud, and making false statements to the FBI. Each of these charges carries a maximum prison sentence ranging between two and twenty years.

