‘Muddling Meerkat’ Poses Nation-State DNS Mystery

April 29, 2024 at 11:52AM

Renée Burton, VP of threat research at Infoblox, uncovered Muddling Meerkat, a China-linked threat group evading the Great Firewall using open DNS resolvers and mail records. Their covert DNS traffic, possibly for reconnaissance or DNS denial-of-service attacks, demonstrates expertise in bypassing China’s Internet censorship. Infoblox and partners are investigating this unprecedented and concerning activity.

The key takeaways are:

1. A threat group named Muddling Meerkat has been found to have developed a novel method of bypassing China’s Great Firewall using open DNS resolvers and mail records to communicate, allowing for covert traffic.

2. Muddling Meerkat appears to have specific expertise in DNS manipulation, and their activities have been ongoing for at least four and a half years.

3. The group’s capabilities and actions, while not entirely understood, suggest potential reconnaissance activity and possible DNS denial-of-service attacks, raising concerns about their positioning within critical infrastructure.

4. The Muddling Meerkat operation involves complex and sophisticated use of DNS, and there are concerns that it may be part of larger cyber operations against critical infrastructure.

5. Collaboration between Infoblox and other organizations has revealed unexplained, covert Internet traffic, initially detected in October 2019, which could be related to Muddling Meerkat’s activities.

6. Further research is required to fully understand the purpose and implications of the covert DNS traffic, and collaboration with additional research participants is needed due to the complexity and widespread nature of the operation.
