Tuesday 1 December 2020

Protect Your Firm From CIA’s Cherry Blossom


According to new documents published by WikiLeaks, the United States’ Central Intelligence Agency (CIA) has been building and maintaining a host of tools to access the networked activities of organisations America wishes to track. WikiLeaks has published new documents describing a program called Cherry Blossom.

The router is the front gate of every network connected to the Internet. Even if there is a firewall at the gateway, a compromised router opens a window through which all activity on that network can be monitored. In most organisations, routers are the least-maintained devices, and they are rarely updated to current firmware. This creates a big loophole and a high possibility of their security being compromised from outside. An outsider can thus gain access to all of the organisation's networked activities.

Cherry Blossom is capable of performing software exploits and monitoring the target's Internet activity, such as traffic that passes through commonly used Wi-Fi devices in private and public places. The victims are mostly small and medium-sized companies as well as enterprise offices.

The program uses a modified version of a given router’s firmware to turn it into a surveillance tool. Once in place, Cherry Blossom lets a remote agent monitor the target’s internet traffic, scan for useful information like passwords and even redirect the target to the desired website.

Cherry Blossom compromises wireless devices and uses a Man-in-the-Middle attack to monitor, control and manipulate the Internet traffic of connected users. Once a device has been infected successfully, the tool can inject malicious content into the traffic stream to exploit vulnerabilities in the target.

When the malicious program has compromised the target, the router access point is compromised too. It then communicates over the Internet with a command-and-control server referred to as the Cherry Tree.

According to a secret document of the CIA, the key element of the Cherry Blossom system is the implanted device called Flytrap. It acts as a wireless access point (AP), router, or another device that has been implanted with Cherry Blossom firmware. Flytraps execute missions to detect and exploit targets.

Cherry Blossom is another skeleton tumbling out of CIA’s closet. It was designed for numerous devices including wireless routers from Cisco, D-Link, Belkin and Linksys. A complete list of affected models can be found here.

Cherry Blossom firmware can be installed on devices even without physical access to them. It can run undetected in the same environment, giving the exploiter complete control over, and access to, all the activities happening in the targeted organisation.

To be safe, organisations should keep their routers' firmware updated and always keep the routers behind a firewall. All ports that are of no use in the organisation should be blocked. External traffic should be monitored and rules should be set accordingly.
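The monitoring advice above, combined with the earlier point that an implanted device communicates over the Internet with a command-and-control server, suggests one concrete check: routers and access points should rarely initiate outbound connections themselves. The following is an added example, not part of the original article; the device inventory, allow-list, addresses and flow-log format are assumptions constructed for illustration.

```python
"""Flag outbound connections that originate from routers/APs themselves."""
import ipaddress
from collections import Counter

# Assumptions (hypothetical values): device inventory, internal ranges, and
# the few external services these devices are expected to contact.
NETWORK_DEVICES = {"10.0.0.1", "10.0.20.5"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED = {("198.51.100.10", 123),   # NTP server
           ("198.51.100.20", 443)}   # vendor firmware update host

# Constructed sample flow records: time src dst dst_port proto
SAMPLE_FLOWS = """\
2021-01-01T09:00:00 10.0.0.1 198.51.100.10 123 udp
2021-01-01T09:00:05 10.0.30.14 203.0.113.80 443 tcp
2021-01-01T09:05:00 10.0.20.5 203.0.113.77 443 tcp
2021-01-01T09:10:00 10.0.20.5 203.0.113.77 443 tcp
2021-01-01T09:12:00 10.0.0.1 10.0.30.14 53 udp
not-a-flow-line
2021-01-01T09:15:00 10.0.20.5 203.0.113.77 443 tcp
"""

def is_internal(addr):
    """True if addr falls inside one of the organisation's internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def unexpected_device_egress(log_text):
    """Return {(device, dst, port): count} for device-originated flows to
    external hosts that are not on the allow-list."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, port, _ = fields
        try:
            port = int(port)
            internal_dst = is_internal(dst)
        except ValueError:
            continue  # bad port or address
        if src in NETWORK_DEVICES and not internal_dst and (dst, port) not in ALLOWED:
            hits[(src, dst, port)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (dev, dst, port), n in unexpected_device_egress(SAMPLE_FLOWS).items():
        print(f"ALERT {dev} -> {dst}:{port} seen {n} times")
```

Client traffic passing through the router is ignored here; only flows whose source is the device's own management address are evaluated, which keeps the alert volume low.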

Sourav Mishra
Country Head at Panda Security, past life regression therapist
