A California hacker has pleaded guilty to breaking into Disney’s systems using a fake AI platform, resulting in the theft of 1.1TB of corporate data.
Ryan Mitchell Kramer, 25, of California, pleaded guilty to breaking into Disney’s systems. Kramer used a fake AI platform that purported to generate AI-based images. In reality, it was malware that he distributed on various online platforms, including GitHub. A Disney employee downloaded the program between April and May 2024, giving Kramer access to his computer.
After infecting the system, the attacker gained access to the employee’s accounts, including Slack accounts, which stored sensitive company information. Kramer copied 1.1 TB of information, including logins and passwords. After the hack, he introduced himself as a member of the Russian hacking group “NullBulge” and threatened to release the stolen data. After receiving no response to the threats, the hacker published personal data and confidential company information in the public domain.
In addition to this incident, Kramer admitted that he used the same software to infect the devices of at least two other people. The attacker is accused of illegal access to a computer, theft of information and threats to harm a protected computer.
The hack was the result of careless use of third-party platforms for developing artificial intelligence. The attacker took advantage of users’ trust in AI services, which emphasizes the need for caution when using new technologies. Disney became another victim of a cyberattack using social engineering methods, when malicious software was presented as a useful tool.
This case highlights the importance of improving cybersecurity in organizations and training employees to recognize potential threats. Using untested software, even downloaded from trusted platforms, can lead to the leakage of important data and financial losses.
66 
97 
59 