A 25-year-old California man has pleaded guilty to hacking Disney by distributing a fake AI art generator that was actually a vehicle for malware used to steal highly sensitive data.
Ryan Mitchell Kramer admitted to launching the scheme between April and May 2024. He uploaded the fake AI tool to platforms like GitHub, luring victims including a Disney employee into downloading it under the guise of generating AI images. Instead, the malicious software gave Kramer remote access to the victim’s computer.
Once inside, Kramer harvested login credentials stored on the employee’s device, gaining access to both work and personal accounts. He also infiltrated Disney’s internal Slack channels, extracting over a terabyte of confidential company data.
To disguise his identity, Kramer posed as a member of the Russian hacktivist group “NullBulge” and threatened to publish stolen data unless demands were met. When the Disney employee failed to respond, Kramer followed through leaking Disney’s sensitive corporate data and the victim's personal, medical, and financial information on multiple online platforms.
Authorities later revealed that Disney wasn’t his only target. Kramer confessed to compromising at least two other individuals through the same fake AI generator.
According to the U.S. Department of Justice, Kramer now faces charges including unauthorized computer access and threatening to damage a protected computer as part of a plea agreement.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
