Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.


Cryxos Variant

In August 2019, Wapack Labs observed a significant uptick in malicious emails delivering a malware identified as Cryxos.  The observed malware is currently being delivered to users in Brazil, however thousands of related specimens were observed on Virus Total indicating a widespread campaign affecting multiple countries.  This report provides technical details on the first stage and second stage components of this malware campaign as well as the associated infrastructure, and malware…

Read more…
Comments: 0


The recent leakage of millions of resumes from Chinese job sites has provided the opportunity to research, among other things, the work histories and expertise of thousands of Huawei Technologies employees.  Christopher Balding of Fulbright University Vietnam has conducted such a search to determine if Huawei has links to the…

Read more…

3396768374?profile=RESIZE_710xThe Department of Homeland Security released a National Terrorism Advisory System

Bulletin on 18 July 2019.

It updates The National Terrorism Advisory System, or NTAS, a tool designed to communicate information about terrorist threats by providing timely, detailed information to the public.  There are now three primary…

Read more…

TA505 Infrastructure

TA505 is a prolific Russian threat actor known for attacks against multiple industries with a variety of malware since 2014. In July 2019, Wapack Labs analyzed the intrusion infrastructure associated with TA505’s attacks. The network is comprised of multiple IPs and domains, many of which were spoofed to appear like domains belonging financial institutions. Also hosted were two domains for Royal Dumps, a known carder site. More recently there has been reported upticks in TA505 attacks…

Read more…
Comments: 0


RedXray, Daily Cyber Risk Management Reporting

How do you know if your supplier, customer, partner, member or subsidiary is in cyber trouble? Is your organization at business risk due to unreported cyber threats? What about your subsidiary locations, members or suppliers? Can they recover from the financial losses suffered by a business interruption, financial loss or ransomware? RedXray notifies you of nine (9) cyber threat categories in your enrolled named entities for any industry segment. For use in supply chains, you can see who is at risk on daily basis to help you comply with NIST 800-171 rules. There are multiple use applications; Banking & Finance, INFOSEC Firms, Insurance, Auto Dealerships, Manfacturing.

If a supplier, customer or partner is having cyber issues, you can identify the problem quickly and easily and mitigate losses immediately.For more information and how to order, please visit https://www.wapacklabs.com/redxray

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • VLCC Grace 1 is now VLCC Adrian Darya 1 - Transportation Section
  • Update on the Cameroon piracy - nine sailors still reported missing from the M/V Victory C (formerly named CMB Giulia).
  • Maritime watch list and Vessel Impersonation reports for the week of 08 19 2019 are now posted in the Transportation Section.
  • Cameroon Piracy - Transportation Section
  • Oil and gas brief for 08 16 2019 in Oil and Gas section
  • Facial recognition technologies are used by various groups during political protests around the world. In Hong Kong, protesters use laser pointers, in part, as it effectively confuses the facial recognition cameras.
    In Russia, some protesters started to use facial recognition on Russian social networks to expose real identities of policemen who were involved in brutalities.
  • August 2019 Edition of Phish & Ships is in the Transportation section.
  • Our friends from Dryad Global has issued a great report in the Transportation section.
  • Extremists Threatening Power Utilities and Critical Infrastructure - Report in Power Utilities section
  • Osiris Banking Trojan details - FBI Private Industry Notification, Finance Section (under Markets).
This reply was deleted.