CyberSecurity news

FlagThis - #InsiderThreat

Lawrence Abrams@BleepingComputer //
Ryan Kramer, a 25-year-old from California, has pleaded guilty to two criminal charges related to a significant data breach at Disney. Kramer, operating under the alias "NullBulge," admitted to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of confidential data. The stolen data included internal communications, sensitive information, images, source code, and credentials. The breach, which impacted over 10,000 Slack channels, led Disney to switch from Slack to Microsoft Teams.

Kramer distributed a malicious program, disguised as an AI-powered image generation tool, on platforms like GitHub. This program contained a backdoor that allowed him to access the computers of those who downloaded and executed it. According to prosecutors, a Disney employee fell victim to this poisoned project between April and May of 2024, inadvertently granting Kramer access to their network and online credentials. This initial breach then allowed Kramer to move laterally within Disney's systems, compromising various platforms and confidential data storage areas.

Armed with the stolen data, Kramer, falsely claiming affiliation with the Russian hacking group NullBulge, attempted to extort the victim. When the victim did not respond, Kramer proceeded to release their personal information, including bank, medical, and other sensitive details, across multiple platforms. While Kramer awaits sentencing, he faces a maximum of five years in federal prison for each felony count of accessing a computer to obtain information and threatening to damage a protected computer. The FBI is also investigating the extent to which data from at least two other victims who downloaded Kramer's malicious GitHub project may have been compromised.

References:
  • bsky.app: Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data
  • cyberinsider.com: A 25-year-old Santa Clarita man has agreed to plead guilty to hacking a Disney employee's personal computer, stealing login credentials, and exfiltrating 1.1 terabytes of confidential data from internal Slack channels used by the entertainment giant.
  • The DefendOps Diaries: Explore lessons from Disney's Slack breach, highlighting corporate cybersecurity vulnerabilities and strategies for protection.
  • BleepingComputer: Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data
  • www.scworld.com: California man admits to Disney cyberattack
  • The Register - Security: Disney Slack attack wasn't Russian protesters, just a Cali dude with malware
  • www.scworld.com: Hacker pleads guilty to orchestrating Disney data heist
  • www.techradar.com: Hacker pleads guilty to illegally accessing Disney Slack channels and stealing huge tranche of data
  • The Register: Disney Slack attack wasn't Russian protesters, just a Cali dude with malware A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse When someone stole more than a terabyte of data from Disney last year, it was believed to be the work of Russian hacktivists protesting for artist rights. We now know it was actually a 25-year-old Calif…
  • go.theregister.com: Disney Slack attack wasn't Russian protesters, just a Cali dude with malware
  • gbhackers.com: GBHackers Article: Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data
  • Talkback Resources: Disney Slack hacker was Californian, not Russian: DoJ
  • DataBreaches.Net: Disney Hacker Who Accessed 1.1 Terabytes of Data Pleads Guilty
  • CyberInsider: Disney Hacker Admits Using Malware-Laced AI Art App to Achieve Breach
  • securityonline.info: California Man to Plead Guilty in Hack of Disney Employee, Theft of 1.1TB of Confidential Slack Data
Classification:
  • HashTags: #databreach #insiderthreat #Slack
  • Company: Disney
  • Target: Disney
  • Product: Slack
  • Feature: Data Theft
  • Malware: AI Disguised Malware
  • Type: DataBreach
  • Severity: Major

Pierluigi Paganini@Security Affairs //
Jeffrey Bowie, the CEO of cybersecurity firm Veritaco, has been arrested and charged with two counts of violating Oklahoma's Computer Crimes Act. The charges stem from an incident on August 6, 2024, in which Bowie allegedly installed malware on employee computers at St. Anthony Hospital in Oklahoma City. Security footage captured Bowie accessing multiple offices within the hospital before installing the malicious software, which was designed to capture screenshots every 20 minutes and transmit them to an external IP address.

Following the discovery of the unauthorized installation by a vigilant hospital employee, St. Anthony Hospital conducted a forensic review confirming the presence of malware. When confronted, Bowie claimed he needed to use the computer for a family member undergoing surgery, but authorities found his explanation unconvincing. SSM Health, the hospital's parent organization, issued a statement assuring the public that immediate action was taken and that no patient information was compromised due to the security measures in place. The hospital has since increased monitoring and employee training to further protect its systems.

Bowie's arrest has sent shockwaves through the cybersecurity community, particularly given his position as the head of a firm specializing in protecting businesses from cyber threats. Veritaco, described on Bowie's LinkedIn profile as a company focused on "cybersecurity, digital forensics, and private intelligence," employed between two and ten individuals. The incident underscores the potential for insider threats, even from individuals entrusted with security responsibilities, and has led to renewed calls for robust internal controls and employee vigilance.

References:
  • Cyber Security News: Cyber Security Company CEO Arrested for Installing Malware Onto Hospital Computers
  • gbhackers.com: Jeffrey Bowie, the CEO of a local cybersecurity firm, has been arrested for allegedly planting malware on computers at SSM St. Anthony Hospital.
  • buherator's timeline: Cybersecurity News - CEO of cybersecurity firm charged with installing malware on hospital systems 🤦
  • securityaffairs.com: Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act.
  • Talkback Resources: Veritaco CEO Jeffrey Bowie arrested for allegedly installing malware on hospital computers in violation of Oklahoma's Computer Crimes Act.
  • cybersecuritynews.com: Jeffrey Bowie, the CEO of a cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital.
  • The Register - Security: Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
Classification: