Network Security, Email security, Threat Intelligence

Global DNS manipulation conducted by suspected Chinese state-backed threat


Suspected Chinese state-backed threat operation Muddling Meerkat has ramped up global DNS manipulation since last September, nearly four years after it commenced such activities, BleepingComputer reports.

Intrusions by Muddling Meerkat involved the use of China's Great Firewall internet censorship system to inject fraudulent responses to Mail Exchange (MX) record queries, according to a report from Infoblox. Because such injections target the mechanism that returns IP addresses, altering DNS queries and responses in transit, Muddling Meerkat could cause misdirected email and fake responses, said researchers.

"The GFW can be described as an 'operator on the side,' meaning that it does not alter DNS responses directly but injects its own answers, entering into a race condition with any response from the original intended destination. When the GFW response is received by the requester first, it can poison their DNS cache," noted researchers, who added that such activity may have been conducted by the threat operation for network mapping and DNS security assessments ahead of imminent attacks.
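The race described in the quoted paragraph leaves a trace a defender can look for: an on-the-side injector cannot suppress the genuine reply, so a client that keeps listening after the first answer sees two responses for one transaction, and they disagree. The following Python is an added example, not code from the article or from Infoblox; it runs over constructed, simplified response records (the `DnsResponse` fields and names such as `example.test` are assumptions, not real data).

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsResponse:
    """One DNS response as a resolver sees it (simplified; constructed)."""
    txid: int        # transaction ID the response claims to answer
    qname: str       # queried name
    qtype: str       # record type, e.g. "MX"
    answers: tuple   # answer rdata strings, e.g. ("10 mail.example.test",)
    t_ms: float      # arrival time in ms relative to the query


def find_conflicting_responses(responses):
    """Group responses by (txid, qname, qtype) and return, ordered by arrival,
    every group in which two or more responses carry different answers.
    An on-the-side injector only races the real server, so a query that
    received conflicting answers is the signature to hunt for."""
    by_query = defaultdict(list)
    for r in responses:
        by_query[(r.txid, r.qname, r.qtype)].append(r)
    conflicts = {}
    for key, group in by_query.items():
        if len(group) > 1 and len({r.answers for r in group}) > 1:
            conflicts[key] = sorted(group, key=lambda r: r.t_ms)
    return conflicts


def first_seen_answers(responses):
    """What a naive first-response-wins resolver would have cached for each
    conflicting query; if the injected reply won the race, this is the
    poisoned entry."""
    return {key: group[0].answers
            for key, group in find_conflicting_responses(responses).items()}


# Constructed sample: an MX lookup that received two replies (the injected
# one arrived first) and an unrelated A lookup that received only one.
SAMPLE = [
    DnsResponse(0x1A2B, "example.test", "MX", ("10 mail.example.test",), 41.0),
    DnsResponse(0x1A2B, "example.test", "MX", ("10 mx.injected.example",), 12.5),
    DnsResponse(0x3C4D, "other.test", "A", ("192.0.2.10",), 30.0),
]

if __name__ == "__main__":
    for (txid, qname, qtype), group in find_conflicting_responses(SAMPLE).items():
        print(f"{qname} {qtype} txid=0x{txid:04x}: {len(group)} conflicting replies")
        for r in group:
            print(f"  t={r.t_ms:5.1f}ms answers={r.answers}")
```

In a real deployment the same grouping is applied to responses captured by a resolver or a passive DNS sensor that keeps listening briefly after the first answer, and a vantage point outside the censored path gives a third answer to compare against.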
