A 25-year-old California man, Ryan Mitchell Kramer, has pleaded guilty to federal charges after orchestrating a significant cyberattack on The Walt Disney Company. Disguised as a member of a fictitious Russian hacktivist group named “NullBulge,” Kramer infiltrated Disney’s internal systems, exfiltrated sensitive data, and publicly released the information when his extortion demands were unmet.(Bitdefender, CyberInsider)
The Breach
In early 2024, Kramer developed and distributed a malicious program masquerading as an AI art generation tool on platforms like GitHub. When downloaded, the software granted him unauthorized access to users’ systems. One victim was a Disney employee whose compromised credentials allowed Kramer to access thousands of internal Slack channels. Between April and May 2024, he downloaded approximately 1.1 terabytes of confidential data, including 44 million messages, private customer details, employee passport data, and internal business discussions. (CyberInsider, SFGate, GovInfoSecurity)
The Extortion Attempt
In July 2024, Kramer contacted the Disney employee via email and Discord, posing as a member of “NullBulge.” He threatened to release the stolen data unless his demands were met. When the employee did not respond, Kramer followed through by leaking the data on multiple digital platforms on July 12, 2024. (Bitdefender, GovInfoSecurity, CyberInsider)
Legal Proceedings
Kramer has agreed to plead guilty to two felony charges: unauthorized access to a computer and threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. He is expected to appear in federal court in Los Angeles in the coming weeks. (Bitdefender, GovInfoSecurity, SFGate)
Disney’s Response
Disney has acknowledged the breach and is cooperating with law enforcement agencies. A spokesperson for the company stated, “We are pleased that this individual has been charged and has agreed to plead guilty to federal charges. We remain committed to working closely with law enforcement to ensure that cybercriminals are brought to justice.” (Bitdefender)
Broader Implications
This incident underscores the growing threat of cyberattacks facilitated by deceptive software and the importance of robust cybersecurity measures. Organizations are reminded to remain vigilant against such threats and to implement comprehensive security protocols to protect sensitive data.
For more information on this case, refer to the original report by SecurityWeek. (SecurityWeek)
Leave a Reply