Categories: Hacks

Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Wikileaks Revealed another CIA Cyber weapon called “CherryBlossom” which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points (APs) by helping of Stanford Research Institute (SRI International).

Wikileaks Vault 7 leads earlier Released Hacking tool was Pandemic, that has ability to Replaced Target files where remote users use SMB to Download

CherryBlossom” is capable of performing exploits in software and Monitoring the Internet Activities in the Targeting Victims such as commonly used WIFI Devices in private and public places including small and medium-sized companies as well as enterprise offices.

Also Read Cyberweapon Malware “Pandemic” targets SMB users.

Man-in-the-Middle Attack

This Tool Compromise the wireless devices using Man-in-the-Middle Attack to monitor,  control and manipulate the Internet traffic of connected users.

Once devices have successfully infected, this tool can inject the malicious content via streaming to exploit the Vulnerabilities in the target.

It Doesn’t Require any physical access to compromise the target since it’s used implanting a customized CherryBlossom firmware in wireless devices itself and some devices allow upgrading their firmware over a wireless link.

According to Wikileaks revealed CIA Secret Document, This  Released document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.

Also Read Digital Weapons of NSA-linked Microsoft hacking tools leak by Shadow Brokers

Once target compromised by the CherryBlossom, Router access point will become called Flytrap.

Flytrap – a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware.

Flytrap will communicate over the Internet to a Command & Control server referred to as the CherryTree.

According to  CIA Secret Document, The key element of the Cherry Blossom system is the Flytrap

“In typical operation, a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation. After implanting has occurred, the wireless device is known as a Flytrap.”

CherryBlossom Architecture

This Architecture indicated Red boxes are Cherry Blossom components.

Flytrap act as a wireless access point (AP), router, or other devices that have been implanted with Cherry Blossom firmware. Flytraps execute Missions to detect and exploit Targets

Command post “Cherry Tree” – Handling and storage of Flytrap Missions, status, and distribution of Flytrap Alerts.

Remote Terminal (CherryWeb or CW) – browser-based interface that allows Sponsor
users to view system status, configure the system, view target activity, and plan/assign
Missions

CherryBlossom Architecture

User – a person with access to the Cherry Web Remote Terminal

Point of Presence (PoP) or Listening Post (LP) – relay that forwards communication
between a Flytrap and the Cherry Tree.

Main Tasks of CherryBlossom

Main tasks including Monitor the target, actions/exploits to perform on a Target and performing the instructions regarding the communication and stealing the victim’s data.

Based on the Wikileaks Document Report, it has the ability to scan for email addresses, chat user names, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser.

CherryBlossom Exploit the Vulnerabilities in many Wireless Router Vendors including

Also Read New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools, Wannacry using only Two

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…

51 minutes ago

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…

1 hour ago

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…

1 hour ago

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…

2 hours ago

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

2 hours ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

18 hours ago