Ubiquiti previously disclosed only limited details about what it described in December as a “third-party data breach.” New details that became public this week show that Ubiquiti customer-owned devices have also been at risk, and Ubiquiti is rushing to deal with what is now considered a catastrophic event. At the start of December 2020, Ubiquiti started investigating a potential breach of a database hosted on Amazon Web Services. The attackers allegedly had high-level privileges over Ubiquiti’s accounts, which let them access its S3 buckets, application logs, user credentials, and SSO cookies. Using the exposed information, the attackers would have access to Ubiquiti customers’ local devices if those devices had cloud access enabled, including cameras, door access, routers, and managed switches. Based on the reporting, the attackers have also attempted to extort Ubiquiti by demanding 50 Bitcoins (~2.9 million USD) after a backdoor had been removed, threatening to place another.