The mysterious DNS operation involving the Chinese Great Firewall

Since 2019, the China-linked Muddling Meerkat group has been using DNS manipulation to explore networks around the world.
Researchers at Infoblox have discovered that a China-linked threat actor, the Muddling Meerkat group, has been conducting sophisticated DNS activities since 2019 to bypass traditional security measures and explore networks worldwide. They noted an increase in activity in September 2023.
The threat actor appears to have the ability to control the Great Firewall of China and has used a new technique involving fake DNS MX records. The attackers used "old" domains, typically registered before the year 2000, to evade DNS blocking and at the same time blend in with old malware.
However, Infoblox researchers have still not been able to determine the motivation behind the attacks. Many of the targeted domains, according to their observations, do not have functional mail servers, which makes these requests even more puzzling. The report also includes recommendations for countering these activities.