Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

User Manual Description of VPN
Server
Using VPN Link and VPN Proxy
(S) Figure 50 shows the CB architecture related to VPN actions. When a
Flytrap begins either a VPN Proxy Action or a VPN Link Action (i.e.,
through Mission tasking), it first establishes an encrypted VPN tunnel to
the CB VPN Server (CB-VPN). The CB-VPN requires authentication to
establish the VPN tunnel.
(S) NOTE: in general, a CB-VPN server could be located anywhere (as
illustrated in Figure 50). The CB team maintains a production CB-VPN
server that is located behind the sponsor firewall on the sponsor network
(see the “CB Server/Sponsor Network Diagram” in the “CB Installation
Guide"). For this server, connections from the Flytrap are proxied
through a PoP (see 5.3) to the CB-VPN server.
Target
Implanted
Wireless
Device
(Flytrap)
Internet
Cherry Blossom
VPN Proxy Server
(CB-VPN)
Sponsor
Firewall
Command
& Control
Server
(CherryTree)
Sponsor
Network
User
Interface
(CherryWeb)
Icon Terminal
Key
Path to Flytrap LAN/WLAN via
VPN Link
VPN Proxy of Google Request
CB System Component
Google Server
VPN Tunnel

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh