Muddling Meerkat: Infoblox Exposes Chinese State-Linked DNS Threat
May 1, 2024
Infoblox researchers have identified a DNS-based cyber threat called 'Muddling Meerkat,' believed to be linked to a Chinese state actor.
The threat exploits open DNS resolvers globally, generating high volumes of DNS queries to bypass security and manipulate China's Great Firewall.
Muddling Meerkat has been active for five years, mapping open DNS resolvers and using 'super-aged' domains for stealth and control over the Great Firewall.
Indications of ongoing, low-volume Slow Drip DDoS attacks since May 2018 suggest a potential for future large-scale DNS denial-of-service attacks.
Researchers advocate for the removal of open DNS resolvers and caution against using unowned fully qualified domain names for DNS and Active Directory.
The activities of Muddling Meerkat underscore the comprehensive cyber threat posed by the Chinese Communist Party to US critical infrastructure.
Summary based on 5 sources
Sources

CSO Online • Apr 30, 2024
Chinese threat actor engaged in multi-year DNS resolver probing effort
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News • May 1, 2024
Muddling Meerkat Group Suspected of Espionage via Great Firewall of China
APDR • Apr 30, 2024
New threat actor controlling China’s Great Firewall - APDR
CybersecurityNews • Apr 30, 2024
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication