Home

Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal.

Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.

X-Industry

Hackers Spoof Qatari Darwish Trading Company

Posted by Yury Polozov on April 10, 2019 at 11:54am

Summary

Wapack Labs observed malicious email trending on CTAC which detected an uptick in Darwish Trading Company (DTC) spoofing. Hackers pretend to be from this Qatari company as it has a wide range of business activities to include servicing the oil and gas sector. During 29 March 2019 – 3 April 2019, these samples were seen delivering Lokibot and PonyLoader malware.

Details…

Loki's Underground Evolution

Posted by Jesse Burke on April 9, 2019 at 5:33pm

Summary

Loki is a very popular bot/stealer malware which has been for sale in the underground since 2015. In 2017, two hackers from the Russian hacking forum fuckav.ru cracked Loki and released a cracked builder. Once the cracked builder was released new unofficial versions of Loki were found for sale in novice English speaking forums for less than the original version.

This report provides details on the following Loki…

Smominru Botnet

Posted by Scott Hall on April 3, 2019 at 2:14pm

Summary Beginning in August of 2017, a new cryptocurrency mining botnet, dubbed Smominru, started propagating via the recently leaked Eternal Blue exploit. Smominru, aka MyKings, is characterized by the targeting of Windows systems using WMI as a file-less persistence mechanism. As of March 2019, Smominru showed no signs of slowing down. Wapack Labs has identified approximately 316K victims connecting to Smominru infrastructure over a period of 6 days. This report provides a high-level overview…

CHINA NEEDS OIL: FORECASTING CHINA’S ENERGY IMPORT DEPENDENCY

Posted by Bill Schenkelberg on April 3, 2019 at 10:20am

China’s need for energy has skyrocketed over the last 20 years as the country has gotten richer and the middle class—now 400 million—has grown into a significant segment of the population. Energy demands are not being met by domestic production, so China is now a net importer of oil, natural gas, and coal.

China’s energy source mix has traditionally been dominated by coal, but the share of energy produced by coal is dropping. China is highly dependent on imported oil,…

Cyber Intelligence Briefing

WAPACK LABS PRESENTS

Cyber Intelligence Briefing

Wapack Labs is excited to introduce a NEW series of monthly cyber intelligence on-line briefings. Listen to top cyber professionals share threat intelligence that has the potential to transform your cyber security.

Did you miss it? No worries. SIGN-IN HERE!

MARCH TOPICS

How Big a Problem is Huawei?
Credit Unions Receiving Targeted Malicious eMails
RDPwned: 4 Attack Types & the Solutions

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance

Comments

Bill Schenkelberg April 19, 2019 at 6:28pm

How would I hack a Dealership? In the Automotive Section.
Austin Talbot April 19, 2019 at 3:32pm

Maritime watch list report for the week of 04 19 2019 is now posted in the Transportation Section.
Austin Talbot April 19, 2019 at 3:30pm

Venezuelan Oil sent to the Port of Spain - see Transportation section.
Yury Polozov April 19, 2019 at 9:56am

Wapack Labs analyst got a copy of leaked internal documents for Iranian government hacking group known as APT34. Work in progress.
Bill Schenkelberg April 16, 2019 at 10:12am

Car's Autopilot Tricked - Automotive Section
Bill Schenkelberg April 16, 2019 at 8:56am

Shipping and AI in Transportation Section
Austin Talbot April 12, 2019 at 10:24pm

Maritime watch list and Vessel Impersonation reports for the week of 04 12 2019 are now posted in the Transportation Section.
Bill Schenkelberg April 12, 2019 at 6:30pm

Oil and Gas brief 04 12 2019 in Oil and Gas Section.
Yury Polozov April 11, 2019 at 12:13pm

Julian Assange arrested in London, the US charging Assange with conspiring to hack a Defense Department computer in order to publish classified U.S. documents. The Ecuadoran president specifically cited Assange’s involvement in what he described as WikiLeaks’ meddling in the internal affairs of other countries, referring to the leaking of documents from the Vatican in January. As a blowback for the Assange's arrest hacktivists are DDoSing the Ecuadoran Embassy website and look for other ways of retribution.
twitter[.]com/your_anon_net/status/1116332947764854785 and twitter[.]com/anonopsofficial/status/1116334671187591174
Bill Schenkelberg April 11, 2019 at 11:20am

GPS and Cars in Automotive Section.

of 6

This reply was deleted.

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Summary

Note: this page contains paid content.

Comments