Red Sky® Alliance

Wapack Labs has been serving information security professionals for over eight years. We invite businesses and organizations, enterprise to small businesses to learn more about cyber threats and how to avoid them. We provide reports, indicators, references and training about targeted, advanced, and emerging cyber threats in our private portal.

Red Sky® Alliance offers TLP White and Green cyber threat reporting for targeted industry segments, international reports and malware/bot analyses.

Let us better prepare you and your team for new cyber threats.

Signing up for access to all content is simple, just enter your name and email address. Redskyalliance.org is free to members and no salesperson will call.


8929187069?profile=RESIZE_400x Activity Summary - Week Ending 14 May 2021:

  • Red Sky Alliance observed 78 unique email accounts compromised with Keyloggers
  • Analysts identified 23,596 connections from new unique IP Addresses
  • 1,802 new IP addresses are participating in various Botnets
  • COVID-19 Lures Continue
  • RotaJakiro
  • Lemon Duck
  • Colonial Pipeline and…
Read more…

Social Media Disinformation Targeting NATO

8925820866?profile=RESIZE_400x An ongoing disinformation campaign called "Ghostwriter," which leverages compromised social media accounts is targeting several NATO member countries in Europe.  Ghostwriter is attempting to undermine confidence in the defensive organization as well as spread discord in Eastern Europe.  Researchers who uncovered the campaign in July 2020, have now documented an additional 20 incidents…

Read more…

REvil = LV?

8925651266?profile=RESIZE_400x The REvil ransomware community is one of a new generation of 'Ransomware-as-a-Service' (Raas) businesses. Their core team of developers creates the ransomware, while their "affiliates" spread it to the devices. The developers receive a 20-30% share of any good ransomware attack's earnings, while associates receive a 70-80% payout.Groupe Reorev claims to have had 400GB of confidential data…

Read more…

8925521275?profile=RESIZE_400x Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the US-Georgia based Colonial Pipeline, which immediately created fuel shortages…

Read more…


What is RedPane?

RedPane is a dark web search engine tool that has been developed by Red Sky Alliance since late January 2021. With RedPane we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 300,000 data points on over 50…

Read more…

This Telegram is Not from Western Union

8913741485?profile=RESIZE_400x Cyber threat actors are increasingly using and abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems.  Telegram is a cloud-based instant messaging and voice-over IP service. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS, and Linux. …

Read more…

Supply Chains Under Attack

8910810901?profile=RESIZE_400x The U.S. Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have released a report providing insights on how to enhance supply chain security in the wake of the SolarWinds attack.

The guidance released 28 April 2021, "Defending Against Software Supply…

Read more…

US Pipeline Attacked with Ransomware

8910336854?profile=RESIZE_400x US Atlanta based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."  An updated statement over the weekend it said it had "determined that this incident involves…

Read more…


REDXRAY® DISCOVERY -- Daily Notification report of threats against your network. Two Week FREE TRIAL. Sign Up Today, We will get you started!

Schedule Your Demo Now 888-RedXray (888-733-9729)

2021 SMART4SEA Talk - Becoming cyber resilient: Past, Present,Future

Botnet Detection With Red Sky Alliance & IPinfo

Identify possible malware installations using either our botnet tracker collection or our sinkhole traffic collection. In many cases, it can also identify the malware protocol resulting in high confidence hits. This threat intelligence includes source IP addresses, destination IP addresses, domains, or URLs. DEMO SIGNUP


Please Join our REDSHORT webinar. 'RED' as in something important from Red Sky Alliance and 'SHORT' as in 10 minutes or less twice a month. We will cover highlights of 1-2 trending topics, Trending Cyber Indicators, and include a link to a detailed report we will share. Our Encore presentations, also twice a month, same place & time, we will present previous webinars. Questions on any of these webinars can be answered in our redskyalliance.org Cyber Security Blog.


In the News

Red Sky Alliance

For more information about Red Sky Alliance, follow the link, ABOUT

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • It is early in the MDT time zone and I just finished taping the Smart4Sea Virtual Talk. The panel discussion will be broadcasted on Wednesday 12 May 2021. Here is the link: events.safety4sea.com/smart4sea-talk
  • New access to RedPane our Dark Web Search Engine. Read all about it: https://www.wapacklabs.com/news/2021/4/21/redpane-access
    Red Sky Alliance — Wapack Labs
  • On 15 April the Houston Rockets of the National Basketball Association (NBA) reported they are investigating a cyber-attack against their networks from a relatively new ransomware group that claims to have stolen internal business data. The hacking group: Babuk
  • Did you ever wonder what my office looks like? Take a look and listen to one of of my recent interviews. https://www.linkedin.com/feed/update/urn:li:activity:67854831587259...
  • Red Pane Released to the public this week: https://www.linkedin.com/feed/update/urn:li:activity:67751531235446...
    Jim McKee on LinkedIn: Targeted Dark Web Analysis Engine for Your Cyber Threat Intelligence
    https://lnkd.in/ez9q7Gv The targeted Dark Web intelligence provided by our REDPANE product is an Analysis Engine for your Cyber Threat Intelligence T…
  • US CISA has two new publications related to Microsoft Exchange vulnerabilities; details are provided below.
    CISA page: Remediating Microsoft Exchange Vulnerabilities (TLP:WHITE) https://us-cert.cisa.gov/remediating-microsoft-exchange-vulnerabili...
    CISA Current Activity: CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities (TLP:WHITE) https://us-cert.cisa.gov/ncas/current-activity/2021/03/08/cisa-stro...
    Remediating Microsoft Exchange Vulnerabilities | CISA
    Note: CISA will update this web page as we have further guidance to impart.
  • You Can Run, but you Can't Hide - South Korean national police have announced today the arrest of a 20-year-old suspect on charges of distributing and infecting victims with the GandCrab ransomware.
    The suspect, whose name was not released, operated as a customer of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime operation.
    Known as an affiliate — or a distributor— police say the suspect operated by taking copies of the GandCrab ransomware and distributing them via email to victims across South Korea.
  • More news on our RedPane Dark Web search engine coming out this week. Please visit https://www.wapacklabs.com/redpane
    RedPane — Wapack Labs
  • The Rise of the Data Marketplaces. I was interviewed by Micaela Mengan and here is the link: https://www.linkedin.com/feed/update/urn:li:activity:67722830322180...
  • If you read about CityBee, hacks can happen; anywhere and at any time - Regardless of location. The legitimate and illegitimate Internet has no borders. All companies and businesses need a reasonable level of network protection and sound cyber security procedures and training. Is that all a network needs? No. Had the big-mouthed hacker not announced the CityBee breach and subsequent on-line sale of data – the victims would not know what happened. Enter Red Sky Alliance and CTAC/RedXray and it RedPane dark web collection and analysis component. Our products help further protect your network against hacking and later anguish. Our tools and services are an excellent complement to a network defense for any foreign or domestic cyber threat (even in Lithuania). In addition to offering cyber protection, we offer cyber insurance through Cysurance. Call today for a quote.
This reply was deleted.
E-mail me when people leave their comments –