Infoblox Threat Intel

Muddling Meerkat

Muddling Meerkat is a Chinese actor that is capable of controlling China’s Great Firewall. Most notably, the actor elicits fake DNS MX records from the firewall, a technique not previously reported. Since October 2019, the actor has executed sophisticated operations that have similarities to Slow Drip DDoS attacks, but have mysterious motives. They leverage open DNS resolvers and cleverly use super-aged domains to blend with regular DNS traffic, evading detection and demonstrating a deep nuanced understanding of DNS and security measures.

Operating since: At least October 2019
Infoblox discovered: December 2023
Infoblox published: April 2024
Prevalence: Uncommon

Threat actor resources

Press Release

Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Press Release

Santa Clara, Calif., April 29, 2024 — Infoblox Inc., a leader in cloud networking and security services, today announced that its threat intel researchers,…

Report

Infoblox Threat Intel
April 29, 2024

Muddling Meerkat Report

Sometimes there are threats we can observe but not fully understand. This might be doubly
true when the evidence comes from Domain Name System (DNS) logs.

Blog

Dr. Renée Burton
April 29, 2024

Muddling Meerkat Blog Post

This paper introduces a perplexing actor, Muddling Meerkat, who appears to be a People’s Republic of China (PRC) nation state actor.

Infoblox Threat Intel

Muddling Meerkat

Threat actor resources

Press Release

Muddling Meerkat Press Release

Report

Muddling Meerkat Report

Blog

Muddling Meerkat Blog Post

Products

Solutions

Company

Resources

Get Infoblox Email Updates