Discovers Multiyear Sophisticated Chinese DNS Operation

May 1, 2024, 11:02 p.m.

Description

This report unveils a previously undisclosed multiyear operation conducted by a sophisticated actor called Muddling Meerkat. The operation uses Domain Name System (DNS) queries and open DNS resolvers, and interacts with China's Great Firewall. The tactics demonstrate the actor's ability to conduct extended covert operations, analogous to the recent compromise of the xz open-source library. Muddling Meerkat appears to be a Chinese nation-state actor leveraging DNS infrastructure for unclear motives.

Date

  • Created: April 29, 2024, 3:18 p.m.
  • Published: April 29, 2024, 3:18 p.m.
  • Modified: May 1, 2024, 11:02 p.m.

Indicators


Attack Patterns