China-Linked 'Muddling Meerkat' Conducts DNS Hijacking for Internet Mapping #358
Comments
You should remove ?ver=0.44 from the link so that visitors get the latest version of the article. @immartian
Renée Burton of Infoblox has a technical blog post and report.
I have read the report. There are still some aspects that are unclear to me. The authors also say that the operation is mysterious and hard to explain. "The motivation for these operations is unclear." Here are the main points, according to my understanding:
Some quotes:
"A previously undocumented cyber threat called Muddling Meerkat has been conducting sophisticated domain name system (DNS) activities since October 2019. The threat actor, likely affiliated with the People's Republic of China, has the ability to control the Great Firewall and uses DNS open resolvers to send queries from Chinese IP space. The actor triggers DNS queries for mail exchange and other record types to domains not owned by them but under well-known top-level domains. Cloud security firm Infoblox detected over 20 such domains. The threat actor elicits a special kind of fake DNS MX record from the Great Firewall, indicating a relationship with the GFW operators. The exact motivation behind the activity is unclear, but it may be part of an internet mapping effort or research. The presence of false MX record responses from Chinese IP addresses is a remarkable feature of Muddling Meerkat. The full scope of the operation cannot be seen in any one location, raising concerns about undetected Chinese prepositioning operations. The article was published on April 29, 2024, by The Hacker News."
https://here.news/story/696bc9ee?ver=0.44
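A small triage heuristic for the activity pattern described above, added here as an illustration and not taken from the issue, The Hacker News article, or the Infoblox report: it scans a recursive resolver's query log for bursts of MX queries to many distinct subdomains of one zone, coming from client addresses in a set of prefixes the analyst is watching. The log format, the sample lines, the suspect prefix, and the idea that the probes use throwaway subdomains are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample resolver log (not real data). Assumed format:
#   <epoch seconds> <client IP> <qname> <qtype>
SAMPLE_LOG = """\
1714400000 203.0.113.10 mail.example.com MX
1714400001 203.0.113.10 x7q2k.example.org MX
1714400002 203.0.113.11 p0z9m.example.org MX
1714400003 198.51.100.7 www.example.net A
1714400004 203.0.113.12 a1b2c.example.org MX
1714400005 203.0.113.13 d4e5f.example.org MX
1714400006 203.0.113.10 g7h8i.example.org MX
1714400007 192.0.2.5 example.org MX
"""

# Hypothetical prefixes of interest. A real hunt would use the address ranges
# of the open resolvers actually seen forwarding the queries.
SUSPECT_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_line(line):
    """Split one log line into a record with typed fields."""
    ts, client, qname, qtype = line.split()
    return {
        "ts": int(ts),
        "client": ipaddress.ip_address(client),
        "qname": qname.rstrip(".").lower(),
        "qtype": qtype.upper(),
    }


def zone_of(qname):
    """Naive registrable-domain guess: last two labels.
    Public-suffix handling (co.uk etc.) is deliberately omitted here."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def in_suspect_nets(addr):
    return any(addr in net for net in SUSPECT_NETS)


def find_mx_probes(log_text, min_subdomains=3, window=60):
    """Return {zone: {"subdomains": n, "clients": m}} for zones that got MX
    queries for at least `min_subdomains` distinct subdomains from suspect
    clients inside any `window`-second span."""
    by_zone = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["qtype"] != "MX" or not in_suspect_nets(rec["client"]):
            continue
        by_zone[zone_of(rec["qname"])].append(rec)

    findings = {}
    for zone, recs in by_zone.items():
        recs.sort(key=lambda r: r["ts"])
        # Sliding window anchored at each query; stop at the first hit per zone.
        for i, start in enumerate(recs):
            names, clients = set(), set()
            for r in recs[i:]:
                if r["ts"] - start["ts"] > window:
                    break
                if r["qname"] != zone:      # apex MX lookups are normal traffic
                    names.add(r["qname"])
                clients.add(r["client"])
            if len(names) >= min_subdomains:
                findings[zone] = {"subdomains": len(names), "clients": len(clients)}
                break
    return findings


if __name__ == "__main__":
    for zone, info in find_mx_probes(SAMPLE_LOG).items():
        print(f"{zone}: {info['subdomains']} subdomains from {info['clients']} clients")
```

On the constructed sample this flags example.org only; example.com sees a single ordinary MX lookup and stays quiet. The same pattern is also produced by garden-variety random-subdomain (NXDOMAIN flood) attacks, so a hit is a lead for pulling full packet captures and checking where the MX answers actually came from, not an attribution by itself.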