Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its ‘Cherry Bomb’ project.
“An implanted device [called Flytrap] can then be used to monitor the internet activity of and deliver software exploits to targets of interest,” a leaked CIA manual reads.
“The wireless device itself is compromised by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection,” WikiLeaks says.
According to WikiLeaks, CIA hackers use the Cherry Blossom hacking tool to hijack wireless networking devices on targeted networks and then perform man-in-the-middle attacks to monitor and manipulate the Internet traffic of connected users.
Once it takes full control of the wireless device, it reports back to a CIA-controlled command-and-control server referred to as ‘CherryTree,’ from which it receives instructions and accordingly performs malicious tasks, which include:
According to an installation guide, the CherryTree C&C server must be located in a secure sponsored facility and installed on Dell PowerEdge 1850-powered virtual servers, running Red Hat Fedora 9, with at least 4GB of RAM.
Cherry Blossom can exploit vulnerabilities in hundreds of Wi-Fi devices (full list here) manufactured by the following vendors:
Last week, WikiLeaks dumped an alleged CIA project, dubbed Pandemic, that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.
The tool is a persistent implant for Microsoft Windows machines that has been designed to infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software.
Since March, the whistleblowing group has published 11 batches of the “Vault 7” series, which include the latest and last week's leaks, along with the following batches: