Accusing whistleblowers and reporters is indeed common - it pretty much seems the standard behavior in infosec in particular.
What I meant was something different. The breach, as I understand it, was quite critical. Ubiquiti in this case could take the standard corporate spiel of "it has hallmarks of a nation state attack, there was nothing we could do" bullshit disclaimer - but given the nature of this breach, every customer of theirs would now be wondering if $Enemy has put malware in their infra, and whether it isn't a good idea to smash it all with a hammer and buy new one from someone else. So I suspect Ubiquiti is going the other way, blaming it on a single, inconsequential individual, that absolutely, positively didn't give access to anyone else, and thus nobody's infra was in any danger.
(Note: I have no inside knowledge, or even any deep knowledge, of this topic - I'm just a random Internet person speculating.)
That's a pretty common ploy. Been there, done that. Early in my career when I was naive enough to try to whistleblow on things over my head.