Red Sky® Alliance

Wapack Labs has been serving information security professionals for over eight years. We invite businesses and organizations, enterprise to small businesses to learn more about cyber threats and how to avoid them. We provide reports, indicators, references and training about targeted, advanced, and emerging cyber threats in our private portal.

Red Sky® Alliance offers TLP White and Green cyber threat reporting for targeted industry segments, international reports and malware/bot analyses.

Let us better prepare you and your team for new cyber threats.

Signing up for access to all content is simple, just enter your name and email address. Redskyalliance.org is free to members and no salesperson will call.

CMA CGM hit with Ragnar

7983768092?profile=RESIZE_400x French container shipping company CMA CGM was hit by a major cyber-attack on 27 September 2020, which disrupted its daily operations.  According to Lloyd’s of London Intelligence sources, several of the company’s Chinese offices were affected by Ragnar Locker ransomware.   CMA CGM initially claimed that their booking system was disabled by an internal IT issue, but later confirmed…

Read more…

7982907887?profile=RESIZE_400x Last week, the US Department of Justice (DOJ) indicted three Iranian hackers for their role in a campaign intended to steal critical data related to US' aerospace and satellite technology and resources.  Said Pourkarim Arabi, 34; Mohammad Reza Espargham, 25; and Mohammad Bayati, 34; are all residents and nationals of Iran and allegedly participated in a coordinated campaign of identity…

Read more…

7969666096?profile=RESIZE_400x In a recent study by CrowdStrike regarding cyber threat activity show more intrusion attempts in the first six months of this year than in all of 2019.  The pandemic-related shift to remote work and the growing availability of Ransomware-as-a-Service (RaaS) were two major drivers.  Red Sky Alliance has reported on many of these ransomware groups and actors in detail in 2020.  These…

Read more…

7969571052?profile=RESIZE_400x A new cybercriminal group called OldGremlin has been targeting Russian companies including banks, industrial enterprises and medical firms with ransomware attacks.

Researchers have said that OldGremlin’s first activities began between late March and early April 2020.  The group took advantage of the COVID-19 pandemic in early lures (a common theme for ransomware strains during…

Read more…

7968972674?profile=RESIZE_400x Artem Lifshits is allegedly a part of Project Lakhta/IRA: the ongoing disinformation campaign targeting the upcoming US election.  Lifshits is facing US criminal charges to commit wire fraud as he was accessing cryptocurrency exchange accounts created using stolen US persons’ personal data.


Artem Lifshits…

Read more…

Oil and Gas Brief 09 25 2020

7968702886?profile=RESIZE_400x Activity Summary - Week Ending 25 September 2020:

  • Analysts identified 3,021 new IP addresses participating in various Botnets
  • Red Sky Alliance observed 56 unique email accounts compromised with Keyloggers
  • RSAC identified 46,283 connections from new unique IP addresses
  • Winnti Group and the Shadowpad Backdoor
  • Baka JavaScript Skimmer…
Read more…

Maritime Cyber Security is Updating; Good !!

7962214498?profile=RESIZE_400x The current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy.  Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’  The plan involves a re-examination of the national approach to information sharing and better…

Read more…

Raccoon Attack: Exposes Secret Key

7957276054?profile=RESIZE_400x A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.  Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key…

Read more…


REDXRAY® DISCOVERY -- Daily Notification report of threats against your network. Two Week FREE TRIAL. Sign Up Today, We will get you started!

Schedule Your Demo Now 888-RedXray (888-733-9729)


The next Wednesday Threat Brief is September 30th, at 9:30AM. Every other Wednesday, we review cyber activities, and in 10 minutes or less, you are up to date.


Weekly Briefs Archive. Did you miss previous Cyber Briefs? To catch up, click the playlist link below. Subscribe and be notified when a new video has been added.


In the News

Red Sky Alliance

For more information about Red Sky Alliance, follow the link, ABOUT

RedXray® Compose

Have a writing assignment? Writer's block? Looking for some ideas? Have an idea but need to flush it out some? Have you tried our RedXray® Compose tool? CLICK HERE. Give it a try, you won't be disappointed.

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • Hiring Ship Security & Armed Guards - What You need to Know, from our friends at Dryad Global (see Transportation room). Red Sky Alliance works close with Dryad to show the importance of both maritime physical and cyber security. Piracy and kidnapping remains a transportation challenge.
  • You have humans on your network. They are all over your network doing all sorts of things with company data. Most of them are doing exactly what they are supposed to be doing. Nothing new to report there but do you know who they all are? Should they have that level of access? Why is someone in accounting downloading 1 TB of data? Did that new salesperson just send the competitors a price list? When is the last time you REALLY did some security awareness training besides that one video you sent 6 months ago?

    Now people are working from home. Who is using this corporate device? Where did this Chromebook come from on the network? We have people working at home from China?

    We have a lot of questions and a lot of work ahead of us as it relates to the human element and Information Security. Some say there is are technical controls we need to put in place. Some say it is merely adopting a company culture shift toward security. The truth is probably somewhere in the middle. Discover Recover RedXray
  • New sanction against Russian cyber actors lists virtual currency wallets that they were using! "Cyber-related Designations; ​​​​Foreign Interference in U.S. Election Designations" https://home.treasury.gov/policy-issues/financial-sanctions/recent-...
    Cyber-related Designations; ​​​​Foreign Interference in U.S. Election Designations | U.S. Departmen…
  • Slack has patched a critical remote code execution vulnerability that could enable an attacker to execute arbitrary code in the desktop version of its collaboration software, researchers report. The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine. https://www.darkreading.com/vulnerabilities---threats/slack-patches...
    Slack Patches Critical Desktop Vulnerability
    The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
  • Our friends from Dryad Global are reporting that a Marshall Islands flagged Oil tanker PIKE IMO: 9396672 was approached by a small craft approximately 12-14m long. There were 6-8 persons onboard as well as a metal ladder. They attempted to board but aborted after avoidance maneuvers were made by the vessel. The vessel and crew are safe and have continued on route." This demonstrates the persistent perils of shipping off the coast of West Africa. https://channel16.dryadglobal.com
    Channel 16
    The latest global news relating to security and risk, specific to commercial maritime and private yacht operations.
  • RedXray® DISCOVERY - 2 Week Free trial.....check it out.
  • Nibbi : The very active APT group of unknown origins. Learn More. Register for our August 27, 2020 CIB Webinar. More topics to come. We will keep you updated. https://global.gotowebinar.com/join/8782169210544615949/854841547
  • Check out the current issue of Phish & Ships for July 2020 - from our friends at Be Cyber Aware at Sea. In the Transportation Section.
  • Indicators from around the world. Take a look at this week's indicators and see how malicious emails have no problem crossing international borders.
  • Shanghai is the busiest shipping port in the world... Which also makes it one of the largest targets in the maritime sector. Take a look at the top indicators in the Indicators channel this week!
This reply was deleted.
E-mail me when people leave their comments –