TZUTC: -0500
MSGID: 1099.consprcy@1:2320/105 2c7b76d8
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Hacker pleads guilty to illegally accessing Disney Slack channels and 
stealing huge tranche of data

Date:
Fri, 02 May 2025 15:02:00 +0000

Description:
Nullbulge spread info-stealing malware, with 1.1TB data stolen.

FULL STORY

A Santa Clara man who created an AI image generation tool that deployed 
hidden malware has pleaded guilty to stealing over 1.1 TB of internal company
data after illegally accessing Disneys internal Slack channels. 

The hacker, Ryan Mitchell Kramer, who went by the name NullBulge was charged
with one count of accessing a computer and obtaining information and one 
count of threatening to damage a protected computer, the US Attorneys Office
for the Central District of California reported . 

The incident had wide reaching consequences, with Disney choosing to ditch
Slack in favour of Microsoft teams following the breach . Over 10,000 Slack
channels were involved in the incident, and confidential data including
internal communications and sensitive information like images, source code 
and credentials were compromised.

A malicious programme 

Kramer reportedly accepted a plea deal, pleading guilty to the two felony
charges that each carry a statutory maximum sentence of five years in federal
prison - but he has not yet been sentenced. 

The plea deal outlines that in early 2024, Kramer posted a computer program 
on various online platforms, including GitHub, that purported to be computer
program that could be used to create A.I.-generated art. In fact, the program
contained a malicious file that enabled Kramer to gain access to victims
computers. 

After the victim downloaded the malicious file, Kramer accessed Disneys
information through the victims personal computer, where he stored login
credentials for personal and professional accounts. 

After the hacker accessed these accounts, he downloaded over 1.1TB of data
from Disney, which was then publicly released alongside the victims bank,
medical, and personal information. 

According to the report, the FBI is currently investigating the possibility 
of at least two more victims hit by similar attacks by Kramer .

======================================================================
Link to news story:
https://www.techradar.com/pro/security/hacker-pleads-guilty-to-illegally-acces
sing-disney-slack-channels-and-stealing-1-1tb-of-data

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426