Infoblox Uncovers Sophisticated DNS Threat Actor: Muddling Meerkat
Infoblox, a leading provider of DNS security solutions, has made a groundbreaking discovery in the world of cyber threats. The company’s threat intel researchers, in collaboration with external experts, have identified a sophisticated threat actor known as “Muddling Meerkat.” This actor, believed to be linked to a state actor in China, has the ability to control the Great Firewall (GFW) of China, a system that regulates internet traffic in and out of the country.
What sets Muddling Meerkat apart is its advanced tactics in bypassing traditional security measures. By generating a high volume of distributed DNS queries through open DNS resolvers, this threat actor is able to manipulate internet traffic in a way that evades detection by conventional security systems. Infoblox, leveraging its expertise in DNS and threat intelligence, was able to detect and block Muddling Meerkat’s domains before any harm could be done to its customers.
Dr. Renée Burton, Vice President of Infoblox Threat Intel, emphasized the importance of having a robust DNS detection and response strategy in place to combat sophisticated threats like Muddling Meerkat. The actor’s operations, which have been ongoing since at least October 2019, involve intricate techniques such as inducing responses from the Great Firewall and using super-aged domains to blend in with legitimate DNS traffic.
The full report on Muddling Meerkat, detailing its tactics and potential motivations, is available for download. This discovery serves as a stark reminder of the evolving landscape of cyber threats and the critical role that DNS security plays in safeguarding against malicious actors. Infoblox’s proactive approach to threat intelligence has once again proven invaluable in staying ahead of emerging threats in the digital realm.