Monday, June 24, 2024

Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Wikileaks Revealed another CIA Cyber weapon called “CherryBlossom” which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points (APs) by helping of Stanford Research Institute (SRI International).

Wikileaks Vault 7 leads earlier Released Hacking tool was Pandemic, that has ability to Replaced Target files where remote users use SMB to Download

CherryBlossom” is capable of performing exploits in software and Monitoring the Internet Activities in the Targeting Victims such as commonly used WIFI Devices in private and public places including small and medium-sized companies as well as enterprise offices.

Also Read Cyberweapon Malware “Pandemic” targets SMB users.

Man-in-the-Middle Attack

This Tool Compromise the wireless devices using Man-in-the-Middle Attack to monitor,  control and manipulate the Internet traffic of connected users.

Once devices have successfully infected, this tool can inject the malicious content via streaming to exploit the Vulnerabilities in the target.

It Doesn’t Require any physical access to compromise the target since it’s used implanting a customized CherryBlossom firmware in wireless devices itself and some devices allow upgrading their firmware over a wireless link.

According to Wikileaks revealed CIA Secret Document, This  Released document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.

Also Read Digital Weapons of NSA-linked Microsoft hacking tools leak by Shadow Brokers

Once target compromised by the CherryBlossom, Router access point will become called Flytrap.

Flytrap – a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware.

Flytrap will communicate over the Internet to a Command & Control server referred to as the CherryTree.

According to  CIA Secret Document, The key element of the Cherry Blossom system is the Flytrap

“In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation. After implanting has occurred, the wireless device is known as a Flytrap.”

CherryBlossom Architecture

This Architecture indicated Red boxes are Cherry Blossom components.

Flytrap act as a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware. Flytraps execute Missions to detect and exploit Targets

Command post “Cherry Tree” – Handling and storage of Flytrap Missions, status, and distribution of Flytrap Alerts.

Remote Terminal (CherryWeb or CW) – browser-based interface that allows Sponsor
users to view system status, configure the system, view target activity, and plan/assign

CIA Hacking Tool Cherry Blossom Compromise Wireless Network Devices

CherryBlossom Architecture

User – a person with access to the Cherry Web Remote Terminal

Point of Presence (PoP) or Listening Post (LP) – relay that forwards communication
between a Flytrap and the Cherry Tree.

Main Tasks of CherryBlossom

Main tasks including Monitor the target, actions/exploits to perform on a Target and performing the instructions regarding the communication and stealing the victim’s data.

Based on the Wikileaks Document Report, it has the ability to scan for email addresses, chat user names, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser.

CherryBlossom Exploit the Vulnerabilities in many Wireless Router Vendors including

Also Read New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools, Wannacry using only Two


Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles