We’re told Cherry Blossom, or at least version 5 of it, allows agents to infect both wireless and wired access points by installing a firmware upgrade dubbed Flytrap that can be put on the device without needing physical access to it.
Flytrap can monitor internet traffic through the router, redirect web browser connections to websites that the CIA wants a target to see, proxy a target’s network connections, and harvest and copy data traffic. It then sends everything it collects back to a command and control system called Cherry Tree.
“The key component is the Flytrap, which is typically a wireless (802.11/WiFi) device (router/access point) that has been implanted with CB firmware,” the documents state.
“Many wireless devices allow a firmware upgrade over the wireless link, meaning a wireless device can often be implanted without physical access. Supported devices … can be implanted by upgrading the firmware using a variety of tools/techniques.”
According to the documents, Cherry Tree servers are located in secure locations and run on Dell PowerEdge 1850-powered virtual servers, running Red Hat Fedora 9, with at least 4GB of RAM. Infections can also be managed via a web portal called Cherry Web. Fedora 9 was released in 2008, which gives you an idea of how far back this tech dates, and how many years it may have been in use.