Categories: Hacks

Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Wikileaks Revealed another CIA Cyber weapon called “CherryBlossom” which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points (APs) by helping of Stanford Research Institute (SRI International).

Wikileaks Vault 7 leads earlier Released Hacking tool was Pandemic, that has ability to Replaced Target files where remote users use SMB to Download

CherryBlossom” is capable of performing exploits in software and Monitoring the Internet Activities in the Targeting Victims such as commonly used WIFI Devices in private and public places including small and medium-sized companies as well as enterprise offices.

Also Read Cyberweapon Malware “Pandemic” targets SMB users.

Man-in-the-Middle Attack

This Tool Compromise the wireless devices using Man-in-the-Middle Attack to monitor,  control and manipulate the Internet traffic of connected users.

Once devices have successfully infected, this tool can inject the malicious content via streaming to exploit the Vulnerabilities in the target.

It Doesn’t Require any physical access to compromise the target since it’s used implanting a customized CherryBlossom firmware in wireless devices itself and some devices allow upgrading their firmware over a wireless link.

According to Wikileaks revealed CIA Secret Document, This  Released document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.

Also Read Digital Weapons of NSA-linked Microsoft hacking tools leak by Shadow Brokers

Once target compromised by the CherryBlossom, Router access point will become called Flytrap.

Flytrap – a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware.

Flytrap will communicate over the Internet to a Command & Control server referred to as the CherryTree.

According to  CIA Secret Document, The key element of the Cherry Blossom system is the Flytrap

“In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation. After implanting has occurred, the wireless device is known as a Flytrap.”

CherryBlossom Architecture

This Architecture indicated Red boxes are Cherry Blossom components.

Flytrap act as a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware. Flytraps execute Missions to detect and exploit Targets

Command post “Cherry Tree” – Handling and storage of Flytrap Missions, status, and distribution of Flytrap Alerts.

Remote Terminal (CherryWeb or CW) – browser-based interface that allows Sponsor
users to view system status, configure the system, view target activity, and plan/assign
Missions

CherryBlossom Architecture

User – a person with access to the Cherry Web Remote Terminal

Point of Presence (PoP) or Listening Post (LP) – relay that forwards communication
between a Flytrap and the Cherry Tree.

Main Tasks of CherryBlossom

Main tasks including Monitor the target, actions/exploits to perform on a Target and performing the instructions regarding the communication and stealing the victim’s data.

Based on the Wikileaks Document Report, it has the ability to scan for email addresses, chat user names, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser.

CherryBlossom Exploit the Vulnerabilities in many Wireless Router Vendors including

Also Read New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools, Wannacry using only Two

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago