Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
Red Sky Alliance offers TLP White and Green reporting that can satisfy almost any situational awareness need, with reports, forums and people to ask questions of. Sign up now for free membership and access to all content.

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.




Russian President Vladimir Putin and Chinese President Xi Jinping have met twice already in 2019 for summits on economic cooperation.  A series of agreements has been concluded at these meetings, mostly focused on Russian cooperation on China’s Belt and Road infrastructure construction. Putin had initially been hesitant to join in…

Beginning in April 2019, Wapack Labs SOC observed an uptick in alerts for inbound PHP exploit attempts affecting multiple clients. These alerts indicate attacks on vulnerable systems through the use of malicious PHP code in HTTP requests. If these attacks are successful, they can result in data exfiltration as well as remote control of victim servers.


Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the…



RedXray, Daily Cyber Risk Management Reporting

How do you know if your supplier, customer, partner, member or subsidiary is in cyber trouble? Is your organization at business risk due to unreported cyber threats? What about your subsidiary locations, members or suppliers? Can they recover from the financial losses caused by a business interruption or ransomware? RedXray notifies you of nine (9) cyber threat categories in your enrolled named entities for any industry segment. For use in supply chains, you can see who is at risk on a daily basis to help you comply with NIST 800-171 rules. There are multiple use applications: Banking & Finance, INFOSEC Firms, Insurance, Auto Dealerships, Manufacturing.

If a supplier, customer or partner is having cyber issues, you can identify the problem quickly and easily and mitigate losses immediately. For more information and how to order, please visit https://www.wapacklabs.com/redxray

Wapack Labs in the News

On-Demand Red Sky Alliance Threat Brief Broadcast

Please join us every week for an on-demand rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog



  • The maritime watch list and Vessel Impersonation reports for the week of 06 21 2019 are now posted in the Transportation Section.
  • Interesting article that complements our past reports on China and the Belt and Road initiatives. See our current report: RU Cooperation with CN on Belt and Road Projects.
    How China Weaponized the Global Supply Chain | National Review
    Ports, containers, and the Internet are now means for Beijing to project power.
  • Mozilla patches a critical Firefox remote code execution bug. It is actively being exploited in targeted phishing attacks to deliver malware payloads. Update to 67.0.4 to fix the vulnerability. https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704...
    Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day
    Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinb…
  • Ship AIS manipulation, in Transportation Section
  • War Risk Marine Insurance Soars - Transportation Section
  • The maritime watch list and Vessel Impersonation reports for the week of 06 14 2019 are now posted in the Transportation Section.
  • Address Bar Spoofing in The Wild

    You often hear to pay attention to the address bar to check if the domain you see in your Internet browser is actually the one you intended. But hackers can sometimes spoof that too. In June 2019, Wapack Labs discovered a long-running campaign utilizing this address bar spoofing vulnerability that was fixed in Microsoft Edge, but still works in some mobile Safari versions despite being reported years ago.

    This results in the phishing page being displayed while the valid URL is in the address bar. The following image shows this exploit in action. The only indicator that it’s a phishing page is the misspelling in the form (brith instead of birth). This vulnerability (CVE-2018-8383) was originally reported back in 2015 and still has not been patched by Safari.

    Download the whole report: https://redskyalliance.org/finished-analysis/allantibots
  • Summer Travel and cyber security - Transportation
  • 06 14 2019 Oil and Gas brief in Oil and Gas Section
  • Wapack Labs has been tracking sextortion cases for years. Thieves are posing as a CIA officer sending emails to victims claiming that the victim has been viewing child pornography and is going to be arrested unless they pay $10,000 worth of bitcoin to the attacker.

    1. If you do not view child pornography, you should know this is fake.
    2. The CIA is not going to reach out to pedophiles warning them that they are about to be arrested.
    3. If a CIA officer were to ever accept a bribe, it's extremely unlikely that they would ask for it via email.
