Security News > 2024 > April > Muddling Meerkat hackers manipulate DNS using China’s Great Firewall
Discovered by Infoblox, the activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems.
Muddling Meerkat manipulates DNS queries and responses by targeting the mechanism by which resolvers return the IP addresses.
The Great Firewall's function is typically to filter and block content by intercepting DNS queries and providing invalid responses, redirecting users away from certain sites.
To further obfuscate their activities, Muddling Meerkat makes DNS requests for random subdomains of their target domains, which often don't exist.
Infoblox reports that Muddling Meerkat chooses target domains with short names registered before 2000, making them less likely to be on DNS blocklists.
As for the purpose of the activity, Muddling Meerkat might be mapping networks and evaluating their DNS security to plan future attacks, or their goal could be to create DNS "Noise," which can help hide more malicious activities and confuse admins who attempt to pinpoint the source of anomalous DNS requests.