Phony Hacktivist Pleads Guilty to Disney Data Leak - Dark Reading

Threat IntelligenceCyberattacks & Data BreachesCyber RiskData PrivacyNewsPhony Hacktivist Pleads Guilty to Disney Data LeakAfter stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.Kristina Beek,Associate Editor,Dark ReadingMay 5, 20252 Min ReadSource: Gregg Vignal via Alamy Stock PhotoNEWS BRIEFRyan Mitchell Kramer, 25, of Santa Clarita has agreed to plead guilty to hacking the personal device of an employee of The Walt Disney Company in 2024. Kramer obtained login information that allowed him to illegally download confidential data through the employee's Slack account.Kramer was charged with one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer, each of which carry a prison sentence of up to five years. In 2024, a hacker group called NullBulge posted on a hacking forum that it had stolen 1.1TB of data from Disney's internal Slack channels. This prompted Disney to launch an investigation into the matter, which allegedly involved information on unreleased projects as well as source code and login credentials.NullBulge claimed to be a Russian hacktivist group that was protecting artists' rights and ensuring fair compensation for their work. However, researchers at SentinelOne analyzed the threat group's activity and said that its actions contradicted what it claimed.Kramer distributed malicious code disguised as a tool for creating AI-generated art, which he used to gain access to victims' devices. A Disney employee downloaded the fake AI tool, which allowed Kramer to access their device and, later, access sensitive corporate data.Kramer attempted to extort the Disney employee and leaked his personal information along with the stolen Disney files when he received no response.After the data leak was discovered, Disney reportedly stopped using Slack for communications and fired the employee who downloaded the fake AI tool. The ex-employee has since filed a wrongful termination complaint against the company. In his plea agreement, Kramer also admitted to at least two other victims downloading his malicious file, allowing him to gain access to unauthorized computers and their accounts, though the victims remain unidentified. The FBI is continuing to investigate this matter. Read more about:News BriefsAbout the AuthorKristina BeekAssociate Editor, Dark ReadingKristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage.Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading.Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall.See more from Kristina BeekMore InsightsIndustry ReportsFrost Radar™: Non-human Identity Solutions2026 CISO AI Risk ReportCybersecurity Forecast 2026The ROI of AI in SecurityThreatLabz 2025 Ransomware ReportAccess More ResearchWebinarsBuilding a Robust SOC in a Post-AI WorldRetail Security: Protecting Customer Data and Payment SystemsRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedSecuring Remote and Hybrid Work Forecast: Beyond the VPNAI-Powered Threat Detection: Beyond Traditional Security ModelsMore WebinarsEditor's ChoiceCybersecurity OperationsWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallbyJai VijayanMar 12, 20265 Min ReadWant more Dark Reading stories in your Google search results?2026 Security Trends & OutlooksThreat IntelligenceCybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsJan 2, 2026Cyber RiskNavigating Privacy and Cybersecurity Laws in 2026 Will Prove DifficultJan 12, 2026|7 Min ReadEndpoint SecurityCISOs Face a Tighter Insurance Market in 2026Jan 5, 2026|7 Min ReadThreat Intelligence2026: The Year Agentic AI Becomes the Attack-Surface Poster ChildJan 30, 2026|8 Min ReadDownload the CollectionKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeWebinarsBuilding a Robust SOC in a Post-AI WorldThurs, March 19, 2026 at 1pm ESTRetail Security: Protecting Customer Data and Payment SystemsThurs, April 2, 2026 at 1pm ESTRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedWed, April 1, 2026 at 1pm ESTSecuring Remote and Hybrid Work Forecast: Beyond the VPNTues, March 10, 2026 at 1pm ESTAI-Powered Threat Detection: Beyond Traditional Security ModelsWed, March 25, 2026 at 1pm ESTMore WebinarsWhite PapersAutonomous Pentesting at Machine Speed, Without False PositivesFixing Organizations' Identity Security PostureBest practices for incident response planningIndustry Report: AI, SOC, and Modernizing CybersecurityThe Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks.Explore More White PapersGISEC GLOBAL 2026GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills.📌 Book Your Space