Skip to main content

CIA malware has been targeting home routers for a decade

(Image credit: Image Credit: JMiks / Shutterstock)

WikiLeaks has recently released a bunch of documents which claim the CIA has been secretly infecting home routers with malware for ten years now.

The malware, dubbed CherryBlossom (opens in new tab), allows the attackers to monitor, and manipulate, both outgoing and incoming traffic. It also allows it to infect any connected devices, as well.

“CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest,” WikiLeaks says. 

“In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices.” 

A wide variety of routers can be infected, the documents state, including Linksys, DLink and Belkin. Those with default or simple passwords are a piece of cake. Those with harder security credentials can also be broken into, in case the users haven’t turned off the ‘universal plug and play’ feature. By default, this feature is turned on.

CherryBlossom can be used for a lot of different attacks. Attackers can copy parts or all of the victim’s traffic, copy email addresses, chat usernames, VoIP numbers. They can perform a ‘drive-by malware attack’, too.

The information was leaked with the Vault7 series. WikiLeaks claims CherryBlossom was made possible when the ‘CIA lost control of the majority of its hacking arsenal’.  

“These devices are the ideal spot for "Man-In-The-Middle" attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users,” the report says. 

“By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.

Image Credit: JMiks / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.