WikiLeaks has revealed another CIA cyber weapon, called “CherryBlossom”, developed with the help of the Stanford Research Institute (SRI International) specifically to compromise wireless network devices, including wireless routers and access points (APs).
The previous Vault 7 release from WikiLeaks was the hacking tool Pandemic, which can replace targeted files on the fly as remote users download them over SMB.
Man-in-the-Middle Attack
CherryBlossom compromises wireless devices and then uses its man-in-the-middle position to monitor, control and manipulate the Internet traffic of connected users.
Once a device is infected, the tool can inject malicious content into the traffic stream to exploit vulnerabilities on the target’s machine. In-path injection of this kind only works on traffic the implant can read and rewrite, which in practice means unencrypted connections.
It does not require physical access to the target: the compromise is achieved by implanting a customized CherryBlossom firmware on the wireless device itself, and some devices allow their firmware to be upgraded over a wireless link. Disabling remote and wireless firmware-update paths, and verifying that the installed firmware matches the vendor’s published image, are the obvious checks for a device owner.
According to the leaked CIA document, this release covers CBlossom version 5.0, which includes new releases of the CBlossom Flytrap and CherryTree products, each also referred to as version 5.0.
Once a target has been compromised by CherryBlossom, the router or access point is referred to as a Flytrap.
The Flytrap communicates over the Internet with a command-and-control server referred to as the CherryTree.
According to the CIA document, the key element of the CherryBlossom system is the Flytrap.
CherryBlossom Architecture
In the architecture diagram, the red boxes are CherryBlossom components.
Flytrap – a wireless access point (AP), router or other device that has been implanted with CherryBlossom firmware. Flytraps execute Missions to detect and exploit Targets.
Remote Terminal (CherryWeb or CW) – a browser-based interface that allows Sponsor users to view system status, configure the system, view target activity, and plan/assign Missions.
User – a person with access to the CherryWeb Remote Terminal.
Main Tasks of CherryBlossom
Its main tasks include monitoring the target, performing actions/exploits on a Target, and following instructions on communications and on exfiltrating the victim’s data.
Based on the WikiLeaks document, it can scan passing network traffic for email addresses, chat user names, MAC addresses and VoIP numbers and use a hit to trigger additional actions, such as copying a Target’s full network traffic or redirecting a Target’s browser.
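As an added illustration (not code from the leaked documents or from CherryBlossom itself), the following Python sketch shows the passive target-matching loop this paragraph describes: identifiers are pulled out of each frame, compared against a watch list, and a hit triggers Mission actions. The frame format, the identifier regexes, the watch list, the action names and the sample traffic are all assumptions constructed for the demonstration.

```python
"""Illustrative Flytrap-style target matcher. This is added example code,
not CherryBlossom code; every format, regex, target value and action
name below is an assumption made for the demonstration."""
import re
from typing import Dict, List, Set

# Assumed extractors for the identifier classes the document names.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# SIP "From:" header carries the calling number, e.g. From: <sip:+15550100@voip.example>
SIP_FROM_RE = re.compile(rb"From:\s*<?sip:(\+?\d+)@", re.IGNORECASE)
# Assumed IRC-style chat login line, e.g. "NICK alice_chat"
CHAT_NICK_RE = re.compile(rb"^NICK\s+(\S+)", re.MULTILINE)

# Constructed watch list keyed by identifier class.
TARGETS: Dict[str, Set[str]] = {
    "email": {"alice@example.org"},
    "mac": {"aa:bb:cc:dd:ee:01"},
    "voip": {"+15550100"},
    "chat": {"alice_chat"},
}

# Assumed Mission actions fired on a hit; the names mirror the two actions
# the document lists (full-traffic copy, browser redirect).
ACTIONS_ON_HIT = ("copy_full_traffic", "redirect_browser")


def extract_identifiers(src_mac: str, payload: bytes) -> Dict[str, Set[str]]:
    """Pull candidate identifiers of each class out of one frame."""
    return {
        "mac": {src_mac.lower()},
        "email": {m.decode("ascii", "ignore").lower() for m in EMAIL_RE.findall(payload)},
        "voip": {m.decode("ascii", "ignore") for m in SIP_FROM_RE.findall(payload)},
        "chat": {m.decode("ascii", "ignore") for m in CHAT_NICK_RE.findall(payload)},
    }


def match_targets(src_mac: str, payload: bytes,
                  targets: Dict[str, Set[str]] = TARGETS) -> Dict[str, Set[str]]:
    """Return {identifier_class: matched values} for one frame (empty if no hit)."""
    hits: Dict[str, Set[str]] = {}
    for cls, values in extract_identifiers(src_mac, payload).items():
        common = values & targets.get(cls, set())
        if common:
            hits[cls] = common
    return hits


def process_frames(frames: List[dict],
                   targets: Dict[str, Set[str]] = TARGETS) -> List[dict]:
    """Walk frames in order; every hit yields an event carrying the triggered actions."""
    events = []
    for frame in frames:
        hits = match_targets(frame["src_mac"], frame["payload"], targets)
        if hits:
            events.append({"src_mac": frame["src_mac"],
                           "hits": hits,
                           "actions": list(ACTIONS_ON_HIT)})
    return events


# Constructed sample traffic. Only plaintext frames can match; the TLS record
# is opaque to an in-path implant and produces no event.
SAMPLE_FRAMES = [
    {"src_mac": "aa:bb:cc:dd:ee:02",
     "payload": b"POST /login HTTP/1.1\r\nHost: mail.example\r\n\r\nuser=alice@example.org&pw=x"},
    {"src_mac": "aa:bb:cc:dd:ee:02",
     "payload": b"INVITE sip:bob@voip.example SIP/2.0\r\nFrom: <sip:+15550100@voip.example>;tag=1\r\n"},
    {"src_mac": "aa:bb:cc:dd:ee:01",
     "payload": b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"},
    {"src_mac": "aa:bb:cc:dd:ee:03",
     "payload": b"\x17\x03\x03\x00\x20\x8f\x11\x02\xab"},
    {"src_mac": "aa:bb:cc:dd:ee:03",
     "payload": b"NICK alice_chat\r\nUSER a 0 * :a\r\n"},
]

if __name__ == "__main__":
    for event in process_frames(SAMPLE_FRAMES):
        print(event)
```

The point for defenders is visible in the sample: the MAC-address trigger fires on the frame header alone, but the email, VoIP and chat triggers all depend on reading the payload, so the encrypted frame contributes nothing. An implant in the access point sees everything a client sends, and only transport encryption limits what that position is worth.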
CherryBlossom exploits vulnerabilities in wireless devices from many vendors, including Hsing Tech, Orinoco, Apple AirPort Express, Allied Telesyn, LANET Technology, RPT Int, Senao, D-Link and Linksys, among others.