Muddling Meerkat Hacking Group Probed Networks Using China's Great Firewall

A recent surge in cyber operations, dubbed "Muddling Meerkat," is suspected to be orchestrated by a Chinese state-sponsored threat actor. This actor has been leveraging DNS manipulation techniques to probe networks worldwide since October 2019, with a noticeable escalation in September 2023. One distinctive feature of the Muddling Meerkat campaign is its utilization of MX (Mail Exchange) records manipulation, achieved by injecting false responses via China's Great Firewall (GFW). This tactic, previously unseen within China's internet censorship infrastructure, marks a significant departure from conventional methods. Infoblox uncovered this activity, characterized by its lack of discernible objectives or motives. However, it underscores the threat actor's high level of sophistication and advanced capabilities in tampering with global DNS systems. Read more...