Muddling Meerkat hackers manipulate DNS records for unknown reasons

The group uses China's Great Firewall in its operations


Cybersecurity researchers at Infoblox have identified a China-linked threat actor they call Muddling Meerkat, which they assess is likely backed by the Chinese state. The group's activity dates back to 2019, but it increased sharply in 2023, and it relies on China's Great Firewall (GFW) as part of its operations.

How do Muddling Meerkat cybercriminals operate?

Muddling Meerkat triggers DNS queries for Mail Exchange (MX) records, and the Great Firewall answers those queries with fake MX responses. DNS is the system that translates domain names into IP addresses; MX records are the part of DNS that tells a sending mail server which hosts accept email for a domain. A forged MX answer can therefore steer a domain's mail to a server its owner never designated.

China's Great Firewall is the country's internet censorship system. Normally, when a DNS query for a blocked domain crosses the GFW, it injects a fake response containing an IP address, and it does so regardless of the record type requested, even for services the domain does not actually run. What Infoblox observed was new: the GFW returning fake MX records, something the researchers had not seen before. The telltale sign was MX answers for domains that have no mail system at all, and those impossible answers are what led the researchers to Muddling Meerkat.
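The check that surfaces this kind of injection is a comparison between what a resolver saw and what the zone owner actually publishes: an MX answer for a zone with no mail servers, or an answer carrying exchanges the zone never published, cannot be legitimate. The script below is an added example, not code from the article or from Infoblox; the authoritative MX table, the log format and every log line in it are constructed for illustration.

```python
"""Flag MX answers that disagree with authoritative data.

Added example, not code from the article or from Infoblox: it shows the
check a resolver operator can run to spot injected MX responses of the
kind described above, i.e. MX answers for domains that publish no mail
servers, or answers carrying exchanges the zone owner never published.
All zone data and log lines below are constructed for the example.
"""
from dataclasses import dataclass


def normalize(name: str) -> str:
    """DNS names are case-insensitive; compare them in one canonical form."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


# Constructed authoritative MX sets (what each zone owner actually publishes).
# An empty set means the zone has no MX records, like the old short domains
# Muddling Meerkat queries.
AUTHORITATIVE_MX = {
    "example.com.": {"mail.example.com."},
    "abc.org.": set(),
    "xyz.net.": set(),
}

# Constructed resolver log lines, one response each:
#   <timestamp> <client> <qname> <qtype> <rcode> <answers>
# where <answers> is comma-separated "<preference>:<exchange>" pairs, or "-"
# for a NOERROR response with an empty answer section (NODATA).
LOG_LINES = [
    "2023-10-01T00:00:01Z 203.0.113.5 example.com. MX NOERROR 10:mail.example.com.",
    "2023-10-01T00:00:02Z 203.0.113.5 abc.org. MX NOERROR 10:mail.abc.org.",
    "2023-10-01T00:00:03Z 203.0.113.5 xyz.net. MX NOERROR -",
    "2023-10-01T00:00:04Z 203.0.113.9 example.com. MX NOERROR 10:mail.example.com.,20:mx2.example.com.",
    "2023-10-01T00:00:05Z 203.0.113.9 example.com. A NOERROR 93.184.216.34",
    "2023-10-01T00:00:06Z 203.0.113.9 unknown.test. MX NXDOMAIN -",
]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client: str
    qname: str
    reason: str
    unexpected: frozenset


def parse_mx_answers(answers: str) -> set:
    """Return the set of exchange hostnames in an MX answer field."""
    if answers == "-":
        return set()
    exchanges = set()
    for item in answers.split(","):
        _preference, exchange = item.split(":", 1)
        exchanges.add(normalize(exchange))
    return exchanges


def find_injected_mx(lines, authoritative):
    """Compare each MX response against the authoritative MX set.

    Only NOERROR MX responses with a non-empty answer section can carry an
    injected record; NODATA, NXDOMAIN and other query types are skipped.
    Domains absent from the authoritative table are skipped too, since
    there is nothing to compare against.
    """
    findings = []
    for line in lines:
        timestamp, client, qname, qtype, rcode, answers = line.split()
        if qtype != "MX" or rcode != "NOERROR":
            continue
        qname = normalize(qname)
        if qname not in authoritative:
            continue
        observed = parse_mx_answers(answers)
        if not observed:
            continue
        expected = {normalize(x) for x in authoritative[qname]}
        unexpected = frozenset(observed - expected)
        if not expected:
            reason = "MX answer for a domain that publishes no mail servers"
        elif unexpected:
            reason = "MX answer contains exchanges the zone does not publish"
        else:
            continue
        findings.append(Finding(timestamp, client, qname, reason, unexpected))
    return findings


if __name__ == "__main__":
    for f in find_injected_mx(LOG_LINES, AUTHORITATIVE_MX):
        print(f"{f.timestamp} {f.client} {f.qname}: {f.reason} {sorted(f.unexpected)}")
```

On the constructed input this flags two responses: the MX answer for abc.org., a zone that publishes no mail servers, and the example.com. answer that carries an extra exchange the zone never published. In practice the authoritative side of the comparison has to come from the zone's own nameservers over a path that does not cross the Great Firewall, and for DNSSEC-signed zones a validating resolver rejects injected records outright because they carry no valid signature.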

What is the reason behind the hacking operations?

The motive behind Muddling Meerkat's activity is unknown. According to Renée Burton of Infoblox, the group may be laying the groundwork for a denial-of-service (DoS) attack, in which the targeted sites are flooded with traffic until they become unreachable.

Burton also said that Muddling Meerkat is not a run-of-the-mill cybercriminal group: it has deep DNS expertise, and its behavior warrants further research because it could become a real threat. So far, however, its elaborate technique appears to be used only for testing rather than for actual attacks.

Muddling Meerkat targets domains with short names that were registered before 2000. Such domains are less likely to appear on DNS blocklists, and most of them have either been abandoned or repurposed for questionable uses.

In a nutshell, the Muddling Meerkat group's end goal is unknown, but its DNS specialization means its tactics deserve continued scrutiny from researchers, particularly at a time of heightened concern about operations linked to China.
