California Man to Plead Guilty in Hack of Disney Employee, Theft of 1.1TB of Confidential Slack Data
Ddos 
In a case that merges social engineering, malware, and corporate espionage, the U.S. Department of Justice (DOJ) has announced that Ryan Mitchell Kramer, 25, of Santa Clarita, California, has agreed to plead guilty to two federal charges stemming from a targeted cyberattack on The Walt Disney Company.
According to the press release, Kramer was charged with one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer—both felonies that carry a maximum sentence of five years each.
In early 2024, Kramer published a program on GitHub and other platforms claiming it could generate AI art. But hidden within the code was malicious software designed to silently compromise victim devices.
“Kramer posted a computer program on various online platforms… that purported to be a computer program that could be used to create A.I.-generated art. In fact, the program contained a malicious file that enabled Kramer to gain access to victims’ computers,” DOJ states.
In April or May 2024, a Disney employee unknowingly installed the malware, allowing Kramer to infiltrate their personal computer and access saved login credentials.
Using the stolen credentials, Kramer accessed the employee’s Slack account, which connected him to thousands of internal Disney Slack channels. In total, he exfiltrated approximately 1.1 terabytes of confidential corporate data.
“In May 2024, Kramer downloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels,” DOJ notes.
The stolen information likely contained sensitive business conversations, strategic documentation, and private communications between Disney teams.
In July 2024, Kramer attempted to coerce the victim by pretending to be a Russia-based hacktivist group:
“Kramer contacted the victim via email and the online messaging platform Discord, pretending to be a member of a fake Russia-based hacktivist group called ‘NullBulge.’”
When the victim refused to engage with the demands, Kramer followed through on his threats. On July 12, 2024, he publicly released the stolen Disney Slack files, along with the victim’s banking, medical, and personal records.
The DOJ also revealed that at least two other individuals downloaded the same fake AI art tool and had their systems compromised. The extent of damage to the additional victims has not been disclosed.
Donate