Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

submitted by
Style Pass
2024-04-30 11:00:08

A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023.

A notable aspect of Muddling Meerkat's activity is the manipulation of MX (Mail Exchange) records by injecting fake responses through China's Great Firewall (GFW), an unusual and previously unseen behavior for the country's internet censorship system.

Discovered by Infoblox, the activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems.

By looking into massive volumes of DNS data, Infoblox researchers discovered activity that they say could easily fly under the radar or be mistaken for innocuous.

DNS is an essential functional component of the internet, translating human-readable domain names into IP addresses that computers use to identify each other on the network and establish connections.