Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
Background
UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor
A California man has pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious version of a widely used open source AI image-generation tool.
Ryan Mitchell Kramer, 25, pleaded guilty to one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer, the US Attorney for the Central District of California said Monday. In a plea agreement, Kramer said he published an app on GitHub for creating AI-generated art. The program contained malicious code that gave access to computers that installed it. Kramer operated using the moniker NullBulge.
According to researchers at VPNMentor, the program Kramer used was ComfyUI_LLMVISION, which purported to be an extension for the legitimate ComfyUI image generator and had functions added to it for copying passwords, payment card data, and other sensitive information from machines that installed it. The fake extension then sent the data to a Discord server that Kramer operated. To better disguise the malicious code, it was folded into files that used the names OpenAI and Anthropic.
Source Link: https://educronix.com/man-pleads-guilty-to-using-malicious-ai-software-to-hack-disney-employee/
Author: Ernestro Casas -
Published on:
Background
UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor
This week, The Financial Times reports that London-based altnet Community Fibre has posted earnings before
The partnership will allow seamless end-to-end service provisioning across Latin America, the Caribbean, and Europe
The research reveals the average cost to send an SMS internationally leapt by over 85%
Fake image-generating app allowed man to download 1.1TB of Disney-owned data.
