A cyber threat named Muddling Meerkat, likely originating from China, has been manipulating DNS activity globally since October 2019. It uses DNS open resolvers to send queries from Chinese IP space, triggering DNS queries for various record types to domains it does not own. The threat was identified by Infoblox, which detected anomalous DNS MX record requests, possibly linked to the People's Republic of China, highlighting a sophisticated understanding of DNS. The threat, which seems to have a relationship with the Great Firewall (GFW), operates almost daily and issues false MX record responses. This differs from GFW behavior and raises questions about its motives, such as internet mapping or research.

China-Linked 'Muddling Meerkat' hijacks DNS to map internet globally

Despite warnings from agencies like CISA and the FBI about undetected Chinese operations, the full scope of Muddling Meerkat's activities remains unclear, reflecting a higher complexity compared to conventional malware operations.
https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html