Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hackers Exploit Networks for JavaScript Malware

Hackers Exploit Networks for JavaScript Malware

Posted on May 28, 2026 By CWS

In March 2026, numerous industries worldwide faced a surge of harmful spam emails, marking the beginning of a significant cybersecurity threat. Hackers launched a campaign using a backdoor coded in JavaScript, specifically targeting sectors such as energy, automotive, and government finance. The operation was sophisticated, utilizing an infrastructure designed to evade detection.

Targeted Cyber Attacks Unveiled

The attack was not indiscriminate; it deliberately targeted several high-profile organizations. Among the victims were a prominent Ukrainian FMCG company, a Russian oil-refining firm, and automotive groups in Poland and Germany. The Ministry of Finance in Transnistria was also compromised. A second wave in April 2026 broadened the attack, reaching more financial institutions, signaling a clear monetary motive behind the campaign.

Researchers from Intrinsec, as reported to Cyber Security News, revealed that the malicious operations relied on robust hosting structures. They identified two critical autonomous systems, GHOSTYNETWORKS and OMEGATECH, which were instrumental in managing the spam-sending and command-and-control servers. These systems had been operational since mid-2025, indicating a long-standing and well-planned campaign.

Complex JavaScript Malware Deployment

The JavaScript backdoor was intricately obfuscated and typically delivered through ZIP or RAR files attached to phishing emails. Once activated, it collected system data from the victim’s device and sent it to its command server using non-standard ports, complicating detection efforts. Each compromised system received a unique identifier, maintaining ongoing communication with the attackers.

According to the FBI, financial-driven cyber threats are growing, with business email compromise losses exceeding $3 billion in 2025. Attackers target organizations with weaker cybersecurity defenses, such as finance ministries in smaller countries, due to their limited resources and less mature email protection protocols.

Infrastructure and Defensive Measures

The infrastructure supporting these attacks is particularly noteworthy. GHOSTYNETWORKS, registered as AS205759 in Kentucky, served as a hub for the spam operation. Spamhaus has flagged it for cybercrime activities, linking it to a defunct network previously tied to a notorious bulletproof hosting provider. Meanwhile, OMEGATECH, based in Seychelles, housed the command domain for the JavaScript malware and another spam domain, further illustrating the global reach of this cyber threat.

Intrinsec advises that organizations implement several defensive strategies. Blocking specific JavaScript file types and container formats like ZIP and RAR can mitigate risks. Additionally, enforcing strict email security protocols and enhancing employee awareness through training can substantially improve resilience against such sophisticated attacks.

Blocking known malicious network prefixes at the firewall level is one of the most effective measures to prevent these threats from infiltrating internal systems. As cyber threats continue to evolve, organizations must remain vigilant and proactive in their cybersecurity practices.

Cyber Security News Tags:Backdoor, bulletproof hosting, Cybercrime, Cybersecurity, email security, financial threats, GHOSTYNETWORKS, Intrinsec, JavaScript malware, network security, OMEGATECH, Phishing, Spam, spam emails

Post navigation

Previous Post: FortiClient EMS Flaw Exploited to Spread Malware
Next Post: BTMOB Android Malware Threatens Full Device Control

Related Posts

ClickFix Uses Legacy Python Tool for Resilient Cyber Attacks ClickFix Uses Legacy Python Tool for Resilient Cyber Attacks Cyber Security News
Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service Microsoft Dismantles 300+ Websites Used to Distribute RaccoonO365 Phishing Service Cyber Security News
Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware Cyber Security News
Critical Vulnerability in etcd Allows Unauthorized API Access Critical Vulnerability in etcd Allows Unauthorized API Access Cyber Security News
175,000 Exposed Ollama Hosts Enable Code Execution and External System Access 175,000 Exposed Ollama Hosts Enable Code Execution and External System Access Cyber Security News
MuddyWater-Style Cyber Attack Targets Middle Eastern Sectors MuddyWater-Style Cyber Attack Targets Middle Eastern Sectors Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark