Muddling Meerkat hackers manipulate DNS records for unknown reasons
The group uses China's Great Firewall in their operations
2 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Cybersecurity researchers discovered a group of threat actors tied to China called Muddling Meerkat. In addition, they believe that the Chinese state supports them. The team of hackers began their operations in 2019. However, they became more active in 2023 when they found a way through China’s Great Firewall (GFW).
How do Muddling Meerkat cybercriminals operate?
Muddling Meerkat manipulates a specific part of DNS known as Mail Exchange (MX) records by inserting fake MX responses through China’s Great Firewall. If you didn’t know, the MX records are responsible for routing emails to specific mail servers. Also, the DNS is responsible for translating domain names into IP addresses.
China’s Great Firewall is the country’s internet censorship system. Usually, when you try to access a site blocked by the government, the GFW returns an IP address. In addition, it will do the same if you request services that don’t run on a domain. However, Muddling Meerkat operatives found a way to bypass this function. Thus, the researchers from Infoblox discovered mail records from domains without mail systems.
What is the reason behind the hacking operations?
The reason behind Muddling Meerkat’s actions is unknown. According to Renée Burton, the group may be trying to elaborate a plan for a denial-of-service (DoS) attack. Through it, the group of threat actors could try to block access to specific sites by flooding them.
Burton also said that Muddling Meerkat is not a typical group of average cybercriminals. They specialize in DNS. So, their behavior needs further research, especially since they could become a real threat. However, even if their method is complex, they use it for testing operations.
Muddling Meerkat targets domains with short names registered before 2000. After all, they are less likely to be on DNS blocklists. On top of that, most domains are either abandoned or repurposed for suspicious reasons.
In a nutshell, the final goal of the Muddling Meerkat group is unknown. However, cybersecurity researchers should further research their tactics, especially since they are specialists in DNS. Also, recently, hackers from China started various operations. So, cybersecurity specialists are on high alert.
What are your thoughts? What do you think is the reason behind Muddling Meerkat’s operations? Let us know in the comments.
User forum
0 messages