Disney Hacker Confesses to Theft of 1.1TB of Internal Data

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to a significant cybersecurity breach involving unauthorized access to the personal computer of a Walt Disney Company employee. This incident, which occurred last year, has raised serious concerns regarding data security at one of the largest entertainment conglomerates globally.

Ryan Mitchell Kramer faces multiple charges related to unauthorized computer access, as well as making threats to damage protected computers. This case underscores the growing problem of sophisticated cyberattacks targeting high-profile organizations and their employees.

Details of the Incident

According to federal prosecutors, the breach began when Kramer disseminated a seemingly innocuous software application in early 2024, purportedly a tool for generating AI art. The program, available on platforms like GitHub, was embedded with malicious code designed to compromise the computers of those who downloaded it.

The Disney employee who unwittingly installed the software in April or May 2024 inadvertently granted Kramer access to their personal computer, allowing him to capture stored login credentials, including those related to work accounts. This access enabled him to infiltrate Disney’s internal Slack channels, frequently used for confidential discussions and collaborative projects. During May 2024, Kramer illegally downloaded approximately 1.1 terabytes of sensitive data from various private channels.

In July 2024, Kramer intensified his criminal activities by impersonating a member of a fictitious Russian hacktivist group called “NullBulge.” He contacted the victim via email and the messaging platform Discord, threatening to publicly release both personal and corporate data if his demands were not met. When the victim failed to respond, Kramer followed through on these threats, disseminating the stolen files along with the employee’s personal information—including banking and medical data—across multiple online platforms on July 12, 2024.

The extent of Kramer’s actions goes beyond this single event. His plea agreement reveals that at least two other individuals fell victim to the same malicious program, illustrating the broader implications of this cyberattack.

This case is being prosecuted by Assistant United States Attorneys Lauren Restrepo and Maxwell Coll, who specialize in cyber and intellectual property crimes. Kramer is facing two felony charges, each carrying a potential maximum sentence of five years in federal prison. His initial court appearance is expected to take place at the United States District Court in downtown Los Angeles.

As the Federal Bureau of Investigation (FBI) continues its investigation, the incident serves as a stark reminder of the pressing need for robust cybersecurity measures. This attack highlights critical vulnerabilities in digital environments, particularly to social engineering and malware, which reinforce the need for vigilance within the corporate sphere.

Viewed through the MITRE ATT&CK framework, this breach involved initial access through a malicious program, followed by privilege escalation to gain sensitive information. Such tactics underscore the complexity and risk of modern cyber threats, particularly for organizations handling valuable data.
