Back

Discovers Multiyear Sophisticated Chinese DNS Operation

May 1, 2024, 11:02 p.m.

Tags

china
dns
nation-state
great firewall
sophisticated

External References

https://blogs.infoblox.com/

https://otx.alienvault.com/

Description

This report unveils a previously undisclosed multiyear operation conducted by a sophisticated actor called Muddling Meerkat. The operation employs Domain Name System (DNS) queries, open DNS resolvers, and interacts with China's Great Firewall. The tactics demonstrate the actor's ability to conduct extended covert operations, analogous to the recent compromise of the xz open source library. Muddling Meerkat appears to be a Chinese nation-state actor leveraging DNS infrastructure for unclear motives.

Date

Published Created Modified
April 29, 2024, 3:18 p.m. April 29, 2024, 3:18 p.m. May 1, 2024, 11:02 p.m.

Indicators

ricci@discuss.systems

Attack Patterns

Muddling Meerkat

T1584.002

T1568.003

T1584.003

T1594

T1583.002

T1584.004

T1596

T1595.002

T1584.001

T1583.001

T1584.005

T1583.003

T1593

T1498