Infoblox Threat Intel
Muddling Meerkat
Muddling Meerkat is a Chinese actor that is capable of controlling China’s Great Firewall. Most notably, the actor elicits fake DNS MX records from the firewall, a technique not previously reported. Since October 2019, the actor has executed sophisticated operations that resemble Slow Drip DDoS attacks but whose motives remain mysterious. The actor leverages open DNS resolvers and uses super-aged domains to blend in with regular DNS traffic, evading detection and demonstrating a deep, nuanced understanding of DNS and security measures.
- Operating since: At least October 2019
- Infoblox discovered: December 2023
- Infoblox published: April 2024
- Prevalence: Uncommon