Red Sky® Alliance

Wapack Labs has been serving information security professionals for over eight years. We invite businesses and organizations, enterprise to small businesses to learn more about cyber threats and how to avoid them. We provide reports, indicators, references and training about targeted, advanced, and emerging cyber threats in our private portal.

Red Sky® Alliance offers TLP White and Green cyber threat reporting for targeted industry segments, international reports and malware/bot analyses.

Let us better prepare you and your team for new cyber threats.

Signing up for access to all content is simple, just enter your name and email address. Redskyalliance.org is free to members and no salesperson will call.


8215461282?profile=RESIZE_400x Activity Summary - Week Ending 25 November 2020:

  • Red Sky Alliance observed 106 unique email accounts compromised with Keyloggers
  • Analysts identified 45,355 connections from new unique IP addresses
  • Lir Ukraine Llc Compromised C2
  • Hezbollah Threat Actors remain as the Top Hacking Group
  • Lazarus is Targeting the Supply Chain
  • Muhstik…
Read more…

Phishing emails from the “IRS” are Back

8211410658?profile=RESIZE_400x In the US, many people fear the Internal Revenue Service (IRS).  When a US citizen receives any type communication from the IRS, people take notice.  The cyber bad guys know that too and send IRS phishing messages to unwitting US citizens.  In addition to receiving scam voice mails and texts about your Social Security number being at risk, a “credible looking” yet fake, IRS email has…

Read more…

8204394459?profile=RESIZE_400x I am sure everyone reading this post has had a dream where you wake up laughing.  You sit on the edge of your bed and think about what was so funny that made you laugh.  Well a recently identified Chinese hacking group called ‘FunnyDream’ (FD) ain’t so funny.  In fact, FD has targeted over 200 government units in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign. …

Read more…

North Korean APT Group Kimsuky

8198316253?profile=RESIZE_400x The North Korean APT group known as Kimsuky, Black Banshee, Velvet Chollima and Thallim is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the CISA.

Kimsuky (Hidden Cobra or Lazarus) has been known since 2012, mainly targeting think tanks in South Korea, but more recently expanding operations to the United…

Read more…
Comments: 0

8198050864?profile=RESIZE_400x Activity Summary - Week Ending 20 November 2020:

  • Red Sky Alliance identified 35,859 connections from new unique IP addresses
  • Microsoft IP is a compromised C2
  • APT 10 – Stone Panda back in the Top 5 Threat Actor Groups
  • Capcom Hack - Part II
  • Kucoin Exchange Hacked
  • Kucoin-activity[.]com - Beware
  • Cryptocurrency…
Read more…

Ghimob is Not a New Dance Step from Brazil

8196287665?profile=RESIZE_400x Brazil is known for its pristine beaches, nightlife, hot dancing, and of course - The Girl from Ipanema.  A recently uncovered Brazilian banking Trojan targeting Android devices can spy on over 150 apps, including those of banks, cryptocurrency exchanges, and fintech firms, as a way to gather credentials and other data, according to an analysis by security firm Kaspersky.  A Trojan is…

Read more…

8196171482?profile=RESIZE_400x Remember the Dark Side comics?  Well, the DarkSide criminal hacking group is no laughing matter.  The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims.  DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are…

Read more…

DDoS Attacks are poised to rebound in 2021

8196181261?profile=RESIZE_400x Distributed denial-of-service attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can accommodate. The goal is to render the website or service inoperable.  The traffic can consist of incoming messages, requests for connections, or fake packets. In some cases, the targeted victims are threatened with a DDoS attack or…

Read more…


REDXRAY® DISCOVERY -- Daily Notification report of threats against your network. Two Week FREE TRIAL. Sign Up Today, We will get you started!

Schedule Your Demo Now 888-RedXray (888-733-9729)

Botnet Detection With Red Sky Alliance & IPinfo

Identify possible malware installations using either our botnet tracker collection or our sinkhole traffic collection. In many cases, it can also identify the malware protocol resulting in high confidence hits. This threat intelligence includes source IP addresses, destination IP addresses, domains, or URLs. DEMO SIGNUP


REDSHORT Reporting Webinar is LIVE every Wednesday, at 9:30AM'RED' as in something important from Red Sky Alliance and 'SHORT' as in, once a week in 10 minutes or less. The webinar will be a summary of a topic and will include a link to an in-depth report. 

As Veterans Day is on Wednesday, November 11th, This week's REDSHORT will be on November 12th at 9:30 EST.


In the News

Red Sky Alliance

For more information about Red Sky Alliance, follow the link, ABOUT

RedXray® Compose

Have a writing assignment? Writer's block? Looking for some ideas? Have an idea but need to flush it out some? Have you tried our RedXray® Compose tool? CLICK HERE. Give it a try, you won't be disappointed.

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • 11 16 2020 Sinkhole and Botnet Tracker Black Lists in Indicators Channel....
  • This Month's Issue of Phish & Ships (NOV 2020) in the Transportation Channel. Check it out.
  • This week's Keylogger, Sinkhole and Botnet Tracker Black Lists are in the Indicators Channel. 11 09 2020
  • 11 04 2020 illegal vessel boarding report in Gulf of Guinea, in the Transportation Channel
  • Black Lists for 11 02 2020 available for a minimal cost in the Indicators Channel.
  • 10 30 2020 weekly Black List Indicators in the Indicator Channel.
  • This week's Black Lists are in the Indicators Channel.
  • Members, we are always looking for quality content for our portal. No rants or political opinions, but if you have followed an identified threat, malware or INFOSEC topic, we would be happy to consider it for posting. Thanks, JIM
  • OCT 2020 Phish and Ships edition in the Transportation section.
  • Check out our next Red Shorts on 14 OCT @ 0930 EST - topic will be the PalmerWorm/BlackTech hacker group.
This reply was deleted.
E-mail me when people leave their comments –