Home

Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
 
Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.
 

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.

X-Industry

Hackers Spoof Qatari Darwish Trading Company

Posted by Yury Polozov on April 10, 2019 at 11:54am

Summary

Wapack Labs observed malicious email trending on CTAC which detected an uptick in Darwish Trading Company (DTC) spoofing.  Hackers pretend to be from this Qatari company as it has a wide range of business activities to include servicing the oil and gas sector.  During 29 March 2019 – 3 April 2019, these samples were seen delivering Lokibot and PonyLoader malware.

Details…

Read more…

Loki's Underground Evolution

Posted by Jesse Burke on April 9, 2019 at 5:33pm

Summary

Loki is a very popular bot/stealer malware which has been for sale in the underground since 2015.  In 2017, two hackers from the Russian hacking forum fuckav.ru cracked Loki and released a cracked builder.  Once the cracked builder was released new unofficial versions of Loki were found for sale in novice English speaking forums for less than the original version. 


This report provides details on the following Loki…

Read more…

Smominru Botnet

Posted by Scott Hall on April 3, 2019 at 2:14pm
Summary Beginning in August of 2017, a new cryptocurrency mining botnet, dubbed Smominru, started propagating via the recently leaked Eternal Blue exploit. Smominru, aka MyKings, is characterized by the targeting of Windows systems using WMI as a file-less persistence mechanism. As of March 2019, Smominru showed no signs of slowing down. Wapack Labs has identified approximately 316K victims connecting to Smominru infrastructure over a period of 6 days. This report provides a high-level overview…
Read more…

CHINA NEEDS OIL: FORECASTING CHINA’S ENERGY IMPORT DEPENDENCY

Posted by Bill Schenkelberg on April 3, 2019 at 10:20am

China’s need for energy has skyrocketed over the last 20 years as the country has gotten richer and the middle class—now 400 million—has grown into a significant segment of the population.  Energy demands are not being met by domestic production, so China is now a net importer of oil, natural gas, and coal.

China’s energy source mix has traditionally been dominated by coal, but the share of energy produced by coal is dropping.  China is highly dependent on imported oil,…

Read more…

Cyber Intelligence Briefing

WAPACK LABS PRESENTS
Cyber Intelligence Briefing
 
Wapack Labs is excited to introduce a NEW series of monthly cyber intelligence on-line briefings. Listen to top cyber professionals share threat intelligence that has the potential to transform your cyber security. 
 
Did you miss it? No worries. SIGN-IN HERE!
 
MARCH TOPICS
  • How Big a Problem is Huawei?
  • Credit Unions Receiving Targeted Malicious eMails
  • RDPwned: 4 Attack Types & the Solutions

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance

Comments

  • Bill Schenkelberg April 16, 2019 at 10:12am
    Car's Autopilot Tricked - Automotive Section
  • Bill Schenkelberg April 16, 2019 at 8:56am
    Shipping and AI in Transportation Section
  • Austin Talbot April 12, 2019 at 10:24pm
    Maritime watch list and Vessel Impersonation reports for the week of 04 12 2019 are now posted in the Transportation Section.
  • Bill Schenkelberg April 12, 2019 at 6:30pm
    Oil and Gas brief 04 12 2019 in Oil and Gas Section.
  • Yury Polozov April 11, 2019 at 12:13pm
    Julian Assange arrested in London, the US charging Assange with conspiring to hack a Defense Department computer in order to publish classified U.S. documents. The Ecuadoran president specifically cited Assange’s involvement in what he described as WikiLeaks’ meddling in the internal affairs of other countries, referring to the leaking of documents from the Vatican in January. As a blowback for the Assange's arrest hacktivists are DDoSing the Ecuadoran Embassy website and look for other ways of retribution.
    twitter[.]com/your_anon_net/status/1116332947764854785 and twitter[.]com/anonopsofficial/status/1116334671187591174
  • Bill Schenkelberg April 11, 2019 at 11:20am
    GPS and Cars in Automotive Section.
  • Bill Schenkelberg April 10, 2019 at 8:30am
    X-Industry = Cross Industry Cyber Intelligence Reporting. Check out the Lokibot report.
  • Austin Talbot April 5, 2019 at 8:18pm
    Maritime watch list and Vessel Impersonation reports for the week of 04 05 2019 are now posted in the Transportation Section.
  • Bill Schenkelberg April 3, 2019 at 1:26pm
    Phish & Ships APR 2019 edition - Transportation section.
  • Bill Schenkelberg April 3, 2019 at 1:08pm
    Are Auto Dealerships Cyber Safe? See Automotive Section
This reply was deleted.