
Infoblox Threat Intel

Muddling Meerkat

Muddling Meerkat is a Chinese actor that is capable of controlling China’s Great Firewall. Most notably, the actor elicits fake DNS MX records from the firewall, a technique not previously reported. Since October 2019, the actor has executed sophisticated operations that have similarities to Slow Drip DDoS attacks, but whose motives remain mysterious. The actor leverages open DNS resolvers and cleverly uses super-aged domains to blend in with regular DNS traffic, evading detection and demonstrating a deep, nuanced understanding of DNS and security measures.

  • Operating since: At least October 2019
  • Infoblox discovered: December 2023
  • Infoblox published: April 2024
  • Prevalence: Uncommon

Threat actor resources

Press Release

Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Press Release

Santa Clara, Calif., April 29, 2024 — Infoblox Inc., a leader in cloud networking and security services, today announced that its threat intel researchers,…


Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Report

Sometimes there are threats we can observe but not fully understand. This might be doubly true when the evidence comes from Domain Name System (DNS) logs.


Dr. Renée Burton
April 29, 2024

Muddling Meerkat Blog Post

This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor.
