Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data

A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data.

According to the U.S. Department of Justice, a 25-year-old named Ryan Kramer created a malicious program in early 2024 that was promoted as an AI image generation tool on GitHub and other platforms.

However, the DOJ says this program was actually malware that allowed Kramer to access the computers of those who installed it and steal data and passwords from their devices.

According to the Wall Street Journal, one of the people who downloaded the program was a Disney employee, Matthew Van Andel, who executed it on his computer. This gave Kramer access to his device, including the passwords stored in his 1Password password manager.

Using Van Andel’s stolen credentials, Kramer gained access to Disney’s Slack channels, where he downloaded 1.1TB of corporate data.

“By accessing M.V.’s Disney Slack account, defendant gained access to non-public Disney Slack channels, and in or around May 2024, defendant downloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels,” reads a plea agreement seen by BleepingComputer.

The Department of Justice says that Kramer then contacted Van Andel, posing as a Russian hacktivist group called “NullBulge,” warning that his personal information and Disney’s stolen Slack data would be published if he didn’t cooperate.

After receiving no response, NullBulge posted a message on the BreachForums hacking forum on July 12, 2024, titled “DISNEY INTERNAL SLACK,” where he claimed to have breached Disney and leaked the 1.1TB of stolen data, including Van Andel’s personal info.

“1.1TiB of data. almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/ web pages, and more! Have fun sifting through it, there is a lot there,” reads the forum post.

In July 2024, defendant contacted M.V. via email and the online messaging platform Discord, pretending to be a member of a fake Russia-based hacktivist group called “NullBulge.” The emails and Discord message contained threats to leak M.V.’s personal information and Disney’s Slack data. One message defendant sent to M.V. on July 8, 2024, threatened that in order to “ensure this information remains undisclosed, I need your cooperation,” and warned that if M.V. contacted anyone about the message, “we will drop our data publicly and loudly without so much as a warning.” Defendant also threatened that this would be a “major, major mistake” for M.V.’s “information and career at Disney.” Another email sent to M.V. on July 12, 2024, with the subject line “You sure that’s how you want to play?”, stated, in part, “Respond, do what we want, or end up on the net. Your choice. We will not contact you again.”  On July 12, 2024, after M.V. did not respond to defendant’s threats, defendant publicly released the stolen Disney Slack files, as well as M.V.’s bank, medical, and personal information on multiple
Kramer’s Disney post on the BreachForums hacking forum
Source: BleepingComputer

Kramer has pleaded guilty to one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a statutory maximum sentence of five years in federal prison.

He has also confirmed that two additional people downloaded his malware, allowing him to gain access to their computers. The FBI is currently investigating these additional people.

His initial court appearance in Los Angeles federal court is expected to be in the coming weeks.
