DNSS Inc – IT consulting and IT security services for small to mid-size businesses

Managed IT Services, IT Security Services, Vulnerability Management and Remediation, Help Desk Support, IT Maintenance Services, Network Administration, Business Continuity Planning, Disaster Recovery Planning, Onsite and Offsite Data Backup, and Information Security Assessment

Wikileaks Unveils ‘Cherry Blossom’ — Wireless Hacking System Used by CIA

Thursday, June 15, 2017

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.

Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its ‘Cherry Bomb’ project.

Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware.

“An implanted device [called Flytrap] can then be used to monitor the internet activity of and deliver software exploits to targets of interest.” a leaked CIA manual reads.

“The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection,” WikiLeaks says.

According to Wikileaks, CIA hackers use Cherry Blossom hacking tool to hijack wireless networking devices on the targeted networks and then perform man-in-the-middle attacks to monitor and manipulate the Internet traffic of connected users.

cherryblossom-hacking

Once it takes full control on the wireless device, it reports back to CIA controlled command-and-control server referred as ‘CherryTree,’ from where it receives instructions and accordingly perform malicious tasks, which include:

  • Monitoring network traffic to collect email addresses, chat user names, MAC addresses, and VoIP numbers
  • Redirecting connected users to malicious websites
  • Injecting malicious content into the data stream to fraudulently deliver malware and compromise the connected systems
  • Setting up VPN tunnels to access clients connected to Flytrap’s WLAN/LAN for further exploitation
  • Copying of the full network traffic of a targeted device

According to an installation guide, the CherryTree C&C server must be located in a secure sponsored facility and installed on Dell PowerEdge 1850 powered virtual servers, running Red Hat Fedora 9, with at least 4GB of RAM.

Cherry Blossom Hacks Wi-Fi Devices from Wide-Range of Vendors

cherryblossom-hacking

Cherry Blossom can exploit vulnerabilities in hundreds of Wi-Fi devices (full list here) manufactured by the following vendors:

Belkin, D-Link, Linksys, Aironet/Cisco, Apple AirPort Express, Allied Telesyn, Ambit, AMIT Inc, Accton, 3Com, Asustek Co, Breezecom, Cameo, Epigram, Gemtek, Global Sun, Hsing Tech, Orinoco, PLANET Technology, RPT Int, Senao, US Robotics and Z-Com.

Previous Vault 7 CIA Leaks

Last week, WikiLeaks dumped an alleged CIA project, dubbed Pandemic, that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.

The tool is a persistent implant for Microsoft Windows machines that has been designed to infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software.

Since March, the whistleblowing group has published 11 batches of “Vault 7” series, which includes the latest and last week leaks, along with the following batches:

  • Athena – a CIA’s spyware framework that has been designed to take full control over the infected Windows PCs remotely, and works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.
  • AfterMidnight and Assassin – two apparent CIA malware frameworks for the Microsoft Windows platform that has been designed to monitor and report back actions on the infected remote host computer and execute malicious actions.
  • Archimedes – a man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
  • Scribbles – a piece of software allegedly designed to embed ‘web beacons’ into confidential documents, allowing the spying agency to track insiders and whistleblowers.
  • Grasshopper – reveal a framework which allowed the agency to easily create custom malware for breaking into Microsoft’s Windows and bypassing antivirus protection.
  • Marble – revealed the source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.
  • Dark Matter – focused on hacking exploits the agency designed to target iPhones and Macs.
  • Weeping Angel – spying tool used by the agency to infiltrate smart TV’s, transforming them into covert microphones.
  • Year Zero – dumped CIA hacking exploits for popular hardware and software.

via Wikileaks Unveils ‘Cherry Blossom’ — Wireless Hacking System Used by CIA

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Information

This entry was posted on June 16, 2017 by in Blog and tagged , , , , .
%d bloggers like this: