Discovers Multiyear Sophisticated Chinese DNS Operation
May 1, 2024, 11:02 p.m.
Description
This report unveils a previously undisclosed multiyear operation conducted by a sophisticated actor called Muddling Meerkat. The operation employs Domain Name System (DNS) queries and open DNS resolvers, and interacts with China's Great Firewall. The tactics demonstrate the actor's ability to conduct extended covert operations, analogous to the recent compromise of the xz open source library. Muddling Meerkat appears to be a Chinese nation-state actor leveraging DNS infrastructure for unclear motives.
Date
Published: April 29, 2024, 3:18 p.m.
Created: April 29, 2024, 3:18 p.m.
Modified: May 1, 2024, 11:02 p.m.
Indicators
Attack Patterns
Muddling Meerkat
T1584.002
T1568.003
T1584.003
T1594
T1583.002
T1584.004
T1596
T1595.002
T1584.001
T1583.001
T1584.005
T1583.003
T1593
T1498