Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data

A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data.

According to the U.S. Department of Justice, a 25-year-old named Ryan Kramer created a malicious program in early 2024 that was promoted as an AI image generation tool on GitHub and other platforms.

However, the DOJ says this program was actually malware that allowed Kramer to access the computer of those who installed it to steal data and passwords from the device.

According to the Wall Street Journal, one of the people who downloaded the program was a Disney employee, Matthew Van Andel, who executed it on his computer. This gave Kramer access to his device, including the passwords stored in his 1Password password manager.

Using Van Andel’s stolen credentials, Kramer gained access to Disney’s Slack channels, where he downloaded 1.1TB of corporate data.

“By accessing M.V.’s Disney Slack account, defendant gained access to non-public Disney Slack channels, and in or around May 2024, defendant downloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels,” reads a plea agreement seen by BleepingComputer.

The Department of Justice says that Kramer then contacted Van Andel, posing as a Russian hacktivist group called “NullBulge,” warning that his personal information and Disney’s stolen Slack data would be published if he didn’t cooperate.

After receiving no response, NullBulge posted a message on the BreachForums hacking forum on July 12, 2024, titled “DISNEY INTERNAL SLACK,” where he claimed to have breached Disney and leaked the 1.1TB of stolen data, including Van Andel’s personal info.

“1.1TiB of data. almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/ web pages, and more! Have fun sifting through it, there is a lot there,” reads the forum post.

Kramer has pleaded guilty to one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a statutory maximum sentence of five years in federal prison.

He has also confirmed that two additional people downloaded his malware, allowing him to gain access to their computers. The FBI is currently investigating these additional people.

His initial court appearance in Los Angeles federal court is expected to be in the coming weeks.

Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.

Read the Red Report 2025