Security News > 2024 > April > Muddling Meerkat hackers manipulate DNS using China’s Great Firewall
Discovered by Infoblox, the activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems.
Muddling Meerkat manipulates DNS queries and responses by targeting the mechanism by which resolvers return the IP addresses.
The Great Firewall's function is typically to filter and block content by intercepting DNS queries and providing invalid responses, redirecting users away from certain sites.
To further obfuscate their activities, Muddling Meerkat makes DNS requests for random subdomains of their target domains, which often don't exist.
Infoblox reports that Muddling Meerkat chooses target domains with short names registered before 2000, making them less likely to be on DNS blocklists.
As for the purpose of the activity, Muddling Meerkat might be mapping networks and evaluating their DNS security to plan future attacks, or their goal could be to create DNS "noise," which can help hide more malicious activities and confuse admins who attempt to pinpoint the source of anomalous DNS requests.
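For admins trying to pinpoint such requests, the sketch below groups failed lookups for random-looking subdomains by parent domain and lists the clients that sent them. It is an added example, not code from Infoblox or the original article. The log format, sample lines, thresholds, and the "last two labels" parent-domain rule are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client> <qname> <rcode>". The format and
# every value are assumptions for illustration, not data from the report.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.7 x7qk2vbd9a.olddomain.example NXDOMAIN
10.0.0.7 p0zr4mwq8e.olddomain.example NXDOMAIN
10.0.0.8 kq93hd7xlz.olddomain.example NXDOMAIN
10.0.0.8 t5ybn2c8wj.olddomain.example NXDOMAIN
10.0.0.5 mail.example.com NOERROR
10.0.0.9 typo.example.com NXDOMAIN
"""

def shannon_entropy(label):
    """Bits per character; random labels score higher than words."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_random_subdomain_bursts(log_text, min_unique=3, min_entropy=3.0):
    """Return parent domains that received many distinct, random-looking,
    non-existent subdomain queries, with the clients that sent them."""
    seen = defaultdict(lambda: {"labels": set(), "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, rcode = parts
        labels = qname.rstrip(".").lower().split(".")
        if rcode != "NXDOMAIN" or len(labels) < 3 or not labels[0]:
            continue
        # Assumption: the parent is the last two labels. A production
        # version should use the Public Suffix List instead.
        parent = ".".join(labels[-2:])
        if shannon_entropy(labels[0]) >= min_entropy:
            seen[parent]["labels"].add(labels[0])
            seen[parent]["clients"].add(client)
    return {
        parent: {"unique_labels": len(v["labels"]),
                 "clients": sorted(v["clients"])}
        for parent, v in seen.items()
        if len(v["labels"]) >= min_unique
    }

if __name__ == "__main__":
    for parent, info in find_random_subdomain_bursts(SAMPLE_LOG).items():
        print(parent, info)
```

The single mistyped name under `example.com` stays below both thresholds, so only the parent domain receiving a spread of distinct random labels is reported.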