Profile

HomeProfilesSveva Vittoria Scenarelli

Sveva Vittoria Scenarelli

Cyber Threat Intelligence Manager at PwC

Sveva is a Cyber Threat Intelligence Manager at PwC. Her focus is on tracking advanced persistent threats based in North Korea and China, spanning malware and infrastructure analysis and intrusion clustering, but she loves all things Threat Intelligence. Sveva holds industry-recognised certifications in Threat Intelligence and Malware Reverse Engineering, and has presented her research at several international conferences including BlackHat, VirusBulletin, CONFidence, and CyberThreat. Sveva’s passion is to deep-dive into the activity of threat actors over time, to highlight how they change techniques and targeting, and what defenders can do about it.

AllSessions

Day 2
May 10, 2024
2:20 am

White Dev 162: Invitation to discussion

Sveva Vittoria Scenarelli
10 May
Time:  2:20 am - 2:50 am
Location: 
Speaker:  Sveva Vittoria Scenarelli

As it often does, it started with an email: “Invitation to discussion”. Several email lures, fake login portals, SSL certificates and typosquat domains later, what started as a credential phishing campaign targeting think tanks in the United States and United Kingdom became an information operation (IO) targeting Ukraine.

This presentation unpicks White Dev 162, an emerging threat actor still under investigation that the PwC Threat Intelligence Team started tracking in the summer of 2023. Since then, we have observed White Dev 162 conducting what appears to be both likely espionage and IOs. Is this a state-sponsored threat actor conducting espionage with the intent of using information in cyber-dependent IOs? Is it a new threat actor at all; or a spinoff, or even a campaign, of an existing one? And, to what degree do White Dev 162’s operations align with Russian interests?

With White Dev 162, we retrace the process of identifying new activity, building out a new cluster of threat activity, and ending up with open questions.