Wikileaks Revealed another CIA Cyber weapon called “CherryBlossom” which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points (APs) by helping of Stanford Research Institute (SRI International).
Wikileaks Vault 7 earlier released Hacking tool was Pandemic, that has ability to Replaced Target files where remote users use SMB to Download
“CherryBlossom” is capable of performing exploits in software and Monitoring the Internet Activities in the Targeting Victims such as commonly used WIFI Devices in private and public places including small and medium-sized companies as well as enterprise offices.
Man-in-the-Middle Attack
This Tool Compromise the wireless devices using Man-in-the-Middle Attack to monitor, control and manipulate the Internet traffic of connected users.
Once devices have successfully infected, this tool can inject the malicious content via streaming to exploit the Vulnerabilities in the target.
It Doesn’t Require any physical access to compromise the target since it’s used implanting a customized CherryBlossom firmware in wireless devices itself and some devices allow upgrading their firmware over a wireless link.
According to Wikileaks revealed CIA Secret Document, This Released document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.
Once target compromised by the CherryBlossom, Router access point will become called Flytrap.
Flytrap – a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware.
Flytrap will communicate over the Internet to a Command & Control server referred to as the CherryTree.
According to CIA Secret Document, The key element of the Cherry Blossom system is the Flytrap
“In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation. After implanting has occurred, the wireless device is known as a Flytrap.”
CherryBlossom Architecture
This Architecture indicated Red boxes are Cherry Blossom components.
Flytrap act as a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware. Flytraps execute Missions to detect and exploit Targets
Command post “Cherry Tree” – Handling and storage of Flytrap Missions, status, and distribution of Flytrap Alerts.
Remote Terminal (CherryWeb or CW) – browser-based interface that allows Sponsor
users to view system status, configure the system, view target activity, and plan/assign
Missions
CherryBlossom Architecture
User – a person with access to the Cherry Web Remote Terminal
Point of Presence (PoP) or Listening Post (LP) – relay that forwards communication
between a Flytrap and the Cherry Tree.
Main Tasks of CherryBlossom
Main tasks including Monitor the target, actions/exploits to perform on a Target and performing the instructions regarding the communication and stealing the victim’s data.
Based on the Wikileaks Document Report, it has the ability to scan for email addresses, chat user names, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser.
CherryBlossom Exploit the Vulnerabilities in many Wireless Router Vendors including Hsing Tech, Orinoco, Apple Airport Express, Allied Telesyn,LANET Technology, RPT Int, Senao, D-Link, Linksys, and Etc.
