[Speakers]
Adversary Village at
DEF CON 33

DEF CON 33 Schedule

Cybelle Oliveira

CTI Malwarelandia

Cybelle Oliveira is a Cyber Threat Intelligence researcher and a Master’s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker — the first DEF CON village dedicated to the Portuguese and Spanish-speaking community. Cybelle has spoken at some of the world’s leading security conferences, including DEF CON, BSides Las Vegas/São Paulo/Rio de Janeiro, 8.8 Chile, Cryptorave, Radical Networks, Mozilla Festival, and many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.

Talk: Operational Twilight: APTs, OT, and the geopolitics of a dying climate

Saturday | Aug 9th2025
DEF CON Creator Stage 5 (Room 229) | Las Vegas Convention Center
Adversary Village Panel
Purple Teaming

We’re trying to debug the end of the world through trial and error — mostly error. In the middle of a worsening climate crisis, outdated OT protocols like Modbus are being exploited by state-sponsored actors in ways that turn environmental infrastructure into geopolitical weapons. From hijacked dams running Windows 95-era code to smart thermostats recruited into botnets fighting over Arctic oil, the climate-tech battlefield is already here. This session dives into how APTs are quietly compromising the systems designed to save the planet. We’ll examine real-world campaigns where threat actors have targeted energy grids, carbon capture labs, and EV infrastructure — and how climate action is being derailed by 1970s-era code and modern apathy. This is Cyber Threat Intelligence meets Climate Fiction (Cli-Fi). It’s weird, terrifying, and very real.

Detailed talk outline

  1. The APT Climate Kill List

    Energy grids, carbon capture labs, fusion experiments. All vulnerable to outdated industrial protocols.

  2. Modbus: The Protocol That Could Doom the Planet

    Why it still runs critical systems and how APTs use it to break things quietly, globally.

  3. Case Studies from the Climate Cyberwar:
    • Russia’s “Dark Winter”: How Sandworm used Modbus exploits to freeze cities and reignite fossil fuel demand.
    • China’s “Silent Grid”: APT41 attacks on solar farms and EV chargers using embarrassingly simple flaws.
    • North Korea’s ESG Ransomware: Lazarus fakes green activism to target carbon credit markets.
    • Iran’s “Sandstorm”: Hacking water sensors to worsen droughts in rival nations.
  4. Weaponizing Threat Intel for the Climate Age

    Correlating geopolitical shifts with ICS/OT vulnerabilities, and why CTI teams need a climate lens.

  5. The Future of Climate Cyberwar

    AI-powered hydrogen plant attacks, quantum ICS exploits, and why COP30 could become a hacker playground.

  6. Cyber-Climate Resistance

    Hunting the enemies of planetary stability, defending legacy OT with minimal resources, and why a little cyber-idealism might still save the planet.

Attendee Takeaways:

  • TTPs of APTs targeting OT and ICS systems: from MITM on Modbus to PLC disruption.
  • How to connect threat intelligence to geopolitical and environmental events.
  • Forecasting cyberwar in a warming world and building proactive defenses now.

Access Everywhere.


Join Adversary Village Discord Server.

Join Adversary Village official Discord server to connect with our amazing community of adversary simulation experts and offensive security researchers!