The project WikiLeaks released a new batch of CIA documents from the array under the name of Vault 7. The new collection includes several dozens of documents relating to the project CherryBlossom, in which the American special services together with Stanford research Institute developed malware to infect wireless routers and access points.
In documents provided router manufacturers who have successfully hacked the CIA. Among the victims of the models of Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao and US Robotics. The CIA tried to access the base stations Apple AirPort, but the encryption system and proprietary hardware have allowed researchers to perform targeted attacks.
As explained by SecurityLab, device gets infected with virus CherryBlossom allows you to monitor the Internet activity of users, as well as manage their Internet traffic. So, when a modification to the traffic your device is able to inject malicious content in the data stream, which exchanges user and the Internet service, for the exploitation of vulnerabilities in applications or OS on the target computer.
In addition, for infecting the router the virus does not require physical access to it. After the installation of malicious firmware to the device associated with the command and control server and sends data about its status and other information, and then receives commands to perform various actions. Speech can go about checking the Internet traffic on the subject of e-mail addresses, usernames, MAC addresses, VoIP numbers. Also the router can receive a command to copy the network traffic of the victim and to redirect the browser.
According to the released content, it’s not clear how widely the CIA used CherryBlossom, though some documents point to the fact that it is actively used against specific targets.