Muddling Meerkat hackers manipulate DNS records for unknown reasons
The group uses China’s Great Firewall in their operations
Published on May 1, 2024
Cybersecurity researchers have discovered a group of threat actors tied to China called Muddling Meerkat, and they believe the group is supported by the Chinese state. The team of hackers began its operations in 2019 but became more active in 2023, when it found a way to work through China’s Great Firewall (GFW).
How do Muddling Meerkat cybercriminals operate?
Muddling Meerkat manipulates a specific part of DNS, the Mail Exchange (MX) record, by inserting fake MX responses through China’s Great Firewall. If you didn’t know, MX records tell sending mail servers which hosts accept email for a domain, while DNS as a whole is responsible for translating domain names into IP addresses.
China’s Great Firewall is the country’s internet censorship system. Usually, when you try to access a site blocked by the government, the GFW returns an IP address of its own. It does the same when you request services that don’t run on a domain. However, Muddling Meerkat operatives found a way to bypass this function. As a result, researchers from Infoblox discovered MX records being returned for domains that have no mail systems at all.
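A defender-side check that follows from the Infoblox observation above, added here as an example (not the article’s or Infoblox’s code): compare the MX answers seen through a recursive resolver path with what the domain’s own authoritative servers publish, and flag exchanges that only appear in transit. All records and domain names are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MxObservation:
    domain: str         # queried domain
    via: str            # "authoritative": answer from the zone's own servers
                        # "recursive": answer seen through the resolver path
    mx_targets: tuple   # MX exchange hostnames in the answer; empty = no MX


# Constructed sample: only example.com legitimately publishes an MX record.
# abc.example has no mail system, yet an MX answer shows up on the recursive
# path, which is the pattern the researchers described.
SAMPLE = [
    MxObservation("example.com", "authoritative", ("mail.example.com.",)),
    MxObservation("example.com", "recursive", ("mail.example.com.",)),
    MxObservation("abc.example", "authoritative", ()),
    MxObservation("abc.example", "recursive", ("injected-mx.invalid.",)),
    MxObservation("xyz.example", "authoritative", ()),
    MxObservation("xyz.example", "recursive", ()),
]


def injected_mx(observations):
    """Return {domain: [exchanges]} for every domain where the recursive path
    returned MX exchanges that the authoritative answer did not contain."""
    authoritative = {}
    recursive = {}
    for obs in observations:
        bucket = authoritative if obs.via == "authoritative" else recursive
        bucket.setdefault(obs.domain, set()).update(obs.mx_targets)

    flagged = {}
    for domain, seen in recursive.items():
        extra = seen - authoritative.get(domain, set())
        if extra:
            flagged[domain] = sorted(extra)
    return flagged


if __name__ == "__main__":
    for domain, exchanges in injected_mx(SAMPLE).items():
        print(f"{domain}: MX not published by authoritative servers -> {exchanges}")
```

In practice the two observation sets would come from a resolver log and a direct query to the zone’s NS hosts; a domain with an empty authoritative set but a non-empty recursive set is the strongest signal.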
What is the reason behind the hacking operations?
The reason behind Muddling Meerkat’s actions is unknown. According to Renée Burton, the group may be preparing for a denial-of-service (DoS) attack, through which the threat actors could try to block access to specific sites by flooding them.
Burton also said that Muddling Meerkat is not a typical group of average cybercriminals: they specialize in DNS. Their behavior therefore needs further research, especially since they could become a real threat. However, complex as their method is, they currently use it only for testing operations.
Muddling Meerkat targets domains with short names that were registered before 2000, since these are less likely to be on DNS blocklists. On top of that, most such domains are either abandoned or have been repurposed for suspicious reasons.
In a nutshell, the final goal of the Muddling Meerkat group is unknown. However, cybersecurity researchers should keep studying their tactics, especially since they are DNS specialists. Also, hackers from China have recently started various operations, so cybersecurity specialists are on high alert.
What are your thoughts? What do you think is the reason behind Muddling Meerkat’s operations? Let us know in the comments.
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.