Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
Red Sky Alliance offers TLP White and Green reporting that can satisfy almost any situational awareness need, with reports, forums and people to ask questions of. Sign up now for FREE membership and access to all content.

Get Advice, Intelligence, & Help.

Did you just connect with Jeff on LinkedIn? You are in the right place: the portal offers cybersecurity reporting that can satisfy your situational awareness needs. Sign up now for FREE membership and access to all content.

Finished Analysis

Mikrotik Proxy Botnet

Mikrotik is a Latvian router and is a popular hardware product in many countries. Beginning in 2018, attackers began exploiting vulnerabilities in Mikrotik routers, as well as attempting brute force attacks. As a result, compromised Mikrotik routers have since been leveraged in a host of botnet-related activities and fraud. Many of the compromised Mikrotik devices were also made into SOCKS or HTTP proxies and were reported in a number of anonymous proxy lists. In March of 2019, Wapack Labs…


Shared through the Multi-State (MS)-ISAC: A vulnerability has been discovered in Google Chrome, which could result in arbitrary code execution. Google Chrome is a web browser used to access the Internet. This vulnerability can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser.…

How Big a Problem is Huawei?

Huawei Technologies and its 5G network construction work around the world have created concern in many quarters. The chief cause for this concern is the perception that Huawei networks have a unique potential for exploitation by Chinese intelligence services.

A Wapack Labs review to determine the scale of this problem showed that Huawei is in fact involved in 5G infrastructure development in many countries.  Germany, Ireland,…


APT-C-36 / Blind Eagle and Colombia


APT-C-36 or Blind Eagle (BE) is an APT group that is believed to originate from South America.  BE has been carrying out attacks against Colombian government institutions, to include the financial sector, petroleum industry and professional manufacturing.  BE has been active since April 2018.  Affected targets include Ecopetrol (Colombian Oil Company), Banco Agrario (State Financial Institution) and IMSA (Colombian Wheel Manufacturer).  It…


Cyber Intelligence Briefing

March 20, 2019 at 11:00AM to 12PM EDT
Wapack Labs is excited to introduce a NEW series of monthly cyber intelligence on-line briefings. Listen to top cyber professionals share threat intelligence that has the potential to transform your cyber security. 
Join our Webinar on Wednesday, March 20th at 11AM ET to hear Wapack analysts speak on several cyber topics. Hope you can make it! But if you can't, be sure to register, and I'll be sure to send you a link to the recording.
  • How Big a Problem is Huawei?
  • Credit Unions Receiving Targeted Malicious eMails
  • RDPwned: 4 Attack Types & the Solutions

Wapack Labs in the News

On-Demand Red Sky Alliance Threat Brief Broadcast

Please join us every week for an on-demand rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

See you online!

Cyber Security Blog



  • Maritime Watch list and Vessel Impersonation reports for 03 21 2019 in Transportation Section.
  • Thank you all for attending yesterday's Threat Brief!
  • Oil and Gas Brief for 03 15 2019 posted.
  • Playing with Ballast tanks in Transportation Section.
  • Weekly vessel impersonation and Maritime Watch List for 03 12 2019 in Transportation Section
  • RDP session hijacking can occur on ALL versions of Windows Server. Have you set group policies to expire users' active RDP sessions after disconnect? I hope so...
  • With permission through Be Cyber Aware at Sea, we will begin monthly posting of "Phish and Ships". This publication can be found in the Transportation Section.
  • Check out Anchor Panda and Periscope threat actors in Transportation Section.
  • If anyone is using MISP please contact me. I am exploring MISP for documenting Windows Events using their Windows Service attribute types:
    Categories and Types · User guide of MISP Malware Information Sharing Platform, a Threat Sharing Pl…
  • NSA invites you to try their reverse-engineering tool Ghidra. The video for the installation and use examples are available at https://www.ghidra-sre.org and the GitHub page for Ghidra is https://github.com/NationalSecurityAgency/ghidra . While it is possible that the tool is given away because it was of limited use, the Decompile to C Code feature looks really nice, and Wapack Labs analysts intend to test drive Ghidra and are ready to discuss their experience with you.