Cyber Threat Report: 'MUDDLING MEERKAT: THE GREAT FIREWALL MANIPULATOR'

This research from infoblox details a sophisticated cyber operation involving DNS queries, open DNS resolvers, and China's Great Firewall, attributed to a Chinese nation state actor who they call 'Muddling Meerkat'. The operation uses complex DNS manipulation to remain undetected and has been active since at least October 2019. The infrastructure and queries observed demonstrate unusual behaviour which the authors link back to China's Great Firewall, this includes providing fake DNS responses, which is not typically documented. The report also provides recommendations for mitigating some of the associated risks and detecting related behaviour in the future.