Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.


Hackers Spoof Qatari Darwish Trading Company


Wapack Labs observed malicious email trending on CTAC which detected an uptick in Darwish Trading Company (DTC) spoofing.  Hackers pretend to be from this Qatari company as it has a wide range of business activities to include servicing the oil and gas sector.  During 29 March 2019 – 3 April 2019, these samples were seen delivering Lokibot and PonyLoader malware.


Read more…

Loki's Underground Evolution


Loki is a very popular bot/stealer malware which has been for sale in the underground since 2015.  In 2017, two hackers from the Russian hacking forum fuckav.ru cracked Loki and released a cracked builder.  Once the cracked builder was released new unofficial versions of Loki were found for sale in novice English speaking forums for less than the original version. 

This report provides details on the following Loki…

Read more…

Smominru Botnet

Summary Beginning in August of 2017, a new cryptocurrency mining botnet, dubbed Smominru, started propagating via the recently leaked Eternal Blue exploit. Smominru, aka MyKings, is characterized by the targeting of Windows systems using WMI as a file-less persistence mechanism. As of March 2019, Smominru showed no signs of slowing down. Wapack Labs has identified approximately 316K victims connecting to Smominru infrastructure over a period of 6 days. This report provides a high-level overview…
Read more…

China’s need for energy has skyrocketed over the last 20 years as the country has gotten richer and the middle class—now 400 million—has grown into a significant segment of the population.  Energy demands are not being met by domestic production, so China is now a net importer of oil, natural gas, and coal.

China’s energy source mix has traditionally been dominated by coal, but the share of energy produced by coal is dropping.  China is highly dependent on imported oil,…

Read more…

Cyber Intelligence Briefing

Cyber Intelligence Briefing
Wapack Labs is excited to introduce a NEW series of monthly cyber intelligence on-line briefings. Listen to top cyber professionals share threat intelligence that has the potential to transform your cyber security. 
Did you miss it? No worries. SIGN-IN HERE!
  • How Big a Problem is Huawei?
  • Credit Unions Receiving Targeted Malicious eMails
  • RDPwned: 4 Attack Types & the Solutions

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • How would I hack a Dealership? In the Automotive Section.
  • Maritime watch list report for the week of 04 19 2019 is now posted in the Transportation Section.
  • Venezuelan Oil sent to the Port of Spain - see Transportation section.
  • Wapack Labs analyst got a copy of leaked internal documents for Iranian government hacking group known as APT34. Work in progress.
  • Car's Autopilot Tricked - Automotive Section
  • Shipping and AI in Transportation Section
  • Maritime watch list and Vessel Impersonation reports for the week of 04 12 2019 are now posted in the Transportation Section.
  • Oil and Gas brief 04 12 2019 in Oil and Gas Section.
  • Julian Assange arrested in London, the US charging Assange with conspiring to hack a Defense Department computer in order to publish classified U.S. documents. The Ecuadoran president specifically cited Assange’s involvement in what he described as WikiLeaks’ meddling in the internal affairs of other countries, referring to the leaking of documents from the Vatican in January. As a blowback for the Assange's arrest hacktivists are DDoSing the Ecuadoran Embassy website and look for other ways of retribution.
    twitter[.]com/your_anon_net/status/1116332947764854785 and twitter[.]com/anonopsofficial/status/1116334671187591174
  • GPS and Cars in Automotive Section.
This reply was deleted.