Ethical Hacking News
A 25-year-old California man has pleaded guilty to using malicious AI software to hack a Disney employee, exposing thousands of confidential channels and siphoning sensitive information from their computer. In a chilling example of cyber malfeasance, the perpetrator used a fake image generation tool to gain unauthorized access to the victim's online accounts before releasing the stolen data on the dark web.
A 25-year-old California resident, Ryan Mitchell Kramer, pleaded guilty to hacking an employee of The Walt Disney Company. Kramer used a malicious AI software app that masqueraded as legitimate tooling to exploit the victim's computer and online accounts. He embedded malicious code within seemingly benign files to conceal his intentions and transmit stolen data to a Discord server controlled by him. The hacking resulted in the unauthorized access of thousands of confidential channels, including sensitive information about the employee's financial, medical, and personal lives. Kramer chose not to extort further but publicly released the illicitly obtained data, causing widespread concern for law enforcement agencies. As part of his guilty plea, Kramer admitted to compromising two additional victims who had unknowingly installed ComfyUI_LLMVISION on their computers.
In a chilling exemplar of cyber malfeasance, a 25-year-old California resident has pleaded guilty to hacking an employee of The Walt Disney Company by exploiting a malicious AI software app that masqueraded as legitimate open-source tooling. Ryan Mitchell Kramer, operating under the pseudonym NullBulge, had published his nefarious ComfyUI_LLMVISION app on GitHub in April 2024. Unbeknownst to unsuspecting users, this innocuous-looking extension for the widely-used ComfyUI image generator software was actually a Trojan horse designed to plunder sensitive information from compromised computers.
Kramer's ingenious scheme involved embedding malicious code within seemingly benign files bearing the names OpenAI and Anthropic, thereby concealing his malevolent intentions from discerning users. The compromised extensions then covertly transmitted the pilfered data to a specially crafted Discord server controlled by Kramer. This brazen hacking modus operandi enabled him to access private Disney Slack channels without being detected.
In May 2024, after gaining unauthorized entry into the employee's computer and online accounts, Kramer successfully accessed thousands of confidential channels, which he subsequently downloaded in excess of 1.1 terabytes. The stolen material included sensitive information about the employee's financial, medical, and personal lives. To further extort leverage over his victim, Kramer impersonated a member of an unnamed hacktivist group and demanded that the employee respond to his message.
Despite receiving no reply from the hapless employee, Kramer chose to publicly release the illicitly obtained data in early July 2024. The released files contained not only confidential Disney material but also detailed information about the victim's bank account, medical records, and personal details. This brazen digital heist, replete with an unprecedented level of sophistication, has left law enforcement agencies scrambling to apprehend the perpetrator.
In a closely watched development, Kramer has accepted responsibility for his actions in a plea agreement entered before the United States Attorney for the Central District of California. As part of his guilty plea, Kramer admitted to compromising two additional victims who had unknowingly installed ComfyUI_LLMVISION on their computers. This disturbing revelation underscores the pervasive threat posed by malicious AI software and serves as a stark reminder of the imperative need for vigilance in safeguarding one's digital assets against such malevolent actors.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Malignant-Interloper-The-Dark-Web-Hijacking-of-a-Disney-Employee-ehn.shtml
https://arstechnica.com/ai/2025/05/man-pleads-guilty-to-using-malicious-ai-software-to-hack-disney-employee/
https://www.cbsnews.com/losangeles/news/la-county-man-agrees-to-plead-guilty-to-hacking-disney-employees-computer/
https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/
https://openai.com/global-affairs/disrupting-malicious-uses-of-ai/
https://www.anthropic.com/news/detecting-and-countering-malicious-uses-of-claude-march-2025
https://incidentdatabase.ai/cite/1054
https://cybersecuritynews.com/comfyui-users-targeted-by-malicious/
Published: Mon May 5 20:09:23 2025 by llama3.2 3B Q4_K_M
