Cybersecurity, flaw in Italian networks. Russian group APT28 in action

Italian researchers from CSE Cybsec have discovered a backdoor on Italian networks, a 'back door' used to circumvent the defenses of computer systems. The backdoor has been recognized as a variant of the well-known X-Agent backdoor. Used to target Windows systems, it is part of the arsenal of a Russian paramilitary group known by the acronym APT28. It is a critical flaw that allows enormous amounts of data and information to be taken from compromised computers and sent to a command and control center located in Asia. APT28 (an acronym that stands for Advanced Persistent Threat number 28) takes its name from the technique used.

An advanced persistent threat is a type of cyber threat that, once installed on servers and systems, remains there to carry out its task of monitoring and retrieving data for espionage purposes. The group has been active since 2007 and has targeted governments, the military and security organizations.

APT28 is one of the most famous hacker groups in the world, known for its involvement in the theft of Hillary Clinton's emails, which led the FBI under James Comey to investigate shortly before the US presidential election, later won by Donald Trump.

The group, well organized and financed, is also known under other names such as Sofacy, Fancy Bear, Pawn Storm and Sednit. Experts have identified another piece of malware that contacts a command and control server named "marina-info.net". According to the researchers, the malicious software is part of a well-coordinated surgical attack carried out by APT28, which Z-Lab named "Operation Roman Holiday". Both malware samples have also been reported to the authorities in a report accompanied by so-called "Yara rules" to facilitate their identification.

 
