For the past five years, a threat actor likely connected to the Chinese government, named Muddling Meerkat, has been sending unusual DNS queries to map open DNS resolvers and gather information. They target old domains with short names through MX queries to potentially exploit open resolvers for future attacks. The Great Firewall of China plays a role, injecting responses to these queries
The attackers, suspected to be connected to the GFW operators, display sophisticated DNS manipulation tactics. This multi-year probing activity calls for organizations to remove open DNS resolvers and avoid using unowned fully qualified domain names to enhance network security and deter potential threats. ```https://www.csoonline.com/article/2096774/chinese-threat-actor-engaged-in-multi-year-dns-resolver-probing-effort.html