As part of the Vault 7 project, WikiLeaks continues to publish confidential documents from the US Central Intelligence Agency. This time, the organization released information about the CherryBlossom ("Cherry Blossom") tool, developed by the CIA in conjunction with the Stanford Research Institute.

The CherryBlossom project is aimed at tracking the Internet activity of users. In particular, the tool provides opportunities for compromising wireless network devices, such as routers and access points. Similar Wi-Fi devices are widely used in homes, public places (bars, hotels, airports and t. ), At the enterprises of medium and small business and pr. Thus, these devices are the ideal target for "man in the middle" attacks, allowing you to easily track, manage and manipulate Internet traffic of users. By modifying traffic, an infected device can inject malicious content into the data stream exchanged between the user and the Internet service to exploit vulnerabilities in applications or on the target computer,.

Compromise of the wireless device is carried out with the help of malicious firmware CherryBlossom, and this does not require physical access.

After installing the firmware, the device communicates with the management server, which in the documents appears under the name CherryTree ("Cherry Tree"), transmits its status information and other information, and then receives commands from the server to perform various actions. For example, to check network traffic for e-mail addresses, logins, MAC addresses, VoIP numbers, copy the victim's network traffic, redirect the browser, proxy the network connections and t.

In early June, WikiLeaks published documents about unusual malware Pandemic, designed to break into computers with shared folders, from which users upload files using the SMB protocol.