Network Security, Threat Intelligence

Global DNS probing operation by Chinese threat actor discovered

Global Network Safety Concept. Blue Networking Concept Illustration with World Map and Network Hubs.

Global domain name system probes have been deployed by China-linked actor SecShow since June, The Hacker News reports.

Operations of the campaign have originated from the Chinese government-funded China Education and Research Network and may have been associated with research concerning IP address spoofing technique measurements within secshow[.]net domains, according to a report from Infoblox.

Further analysis showed the probes involving open DNS resolver discovery and DNS response calculations through a CERNET nameserver controlled by SecShow, which yields a random IP address that then triggers query amplification by Palo Alto Cortex Xpanse.

"The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor," said researchers.

Such a development comes after Chinese state-sponsored threat operation Muddling Meerkat was reported to have increased global DNS manipulation operations, as well as the emergence of the novel Rebirth distributed denial-of-service botnet.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.