Muddling Meerkat, a suspected Chinese state-backed threat operation, has ramped up its global DNS manipulation since last September, nearly four years after it began such activity, BleepingComputer reports.
Muddling Meerkat's activity involved using China's Great Firewall (GFW) internet censorship system to inject bogus responses to Mail Exchange (MX) record queries, according to a report from Infoblox. Because the injected answers change what a querying resolver receives and caches, the activity could be used to misdirect email and to feed fake responses to the querier, the researchers said.
"The GFW can be described as an 'operator on the side,' meaning that it does not alter DNS responses directly but injects its own answers, entering into a race condition with any response from the original intended destination. When the GFW response is received by the requester first, it can poison their DNS cache," the researchers noted, adding that the threat operation may have been using the activity for network mapping and for assessing DNS security ahead of imminent attacks.
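To make the race in the quote concrete, here is an added Python simulation; it is not code from Infoblox, BleepingComputer or the page. It builds an MX query and two wire-format DNS responses, a legitimate one and an on-path injected one that reuses the same transaction ID and question, and models a stub resolver that accepts the first matching answer it receives, which is how a plain UDP resolver behaves. The domain, MX hostnames, TTLs and arrival delays are constructed for the example. It also includes the check a practitioner would want: flagging a transaction that received more than one well-formed but differing answer, which is the footprint an on-the-side injector leaves because the legitimate answer still arrives.

```python
from __future__ import annotations
import struct

QTYPE_MX = 15


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname into DNS label wire format (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a label sequence at msg[off:], following compression pointers if present."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels) + ".", off + 1
        if ln & 0xC0:  # compression pointer: 14-bit offset into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return ".".join(labels + [tail.rstrip(".")]) + ".", off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln


def build_query(txid: int, qname: str) -> bytes:
    """Standard recursive query for qname/MX, one question, no records."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(qname) + struct.pack("!HH", QTYPE_MX, 1)


def build_mx_response(txid: int, qname: str, target: str, pref: int = 10, ttl: int = 300) -> bytes:
    """Response with QR/RD/RA set and a single MX answer; anyone who saw the query can build this."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_MX, 1)
    rdata = struct.pack("!H", pref) + encode_name(target)
    rr = encode_name(qname) + struct.pack("!HHIH", QTYPE_MX, 1, ttl, len(rdata)) + rdata
    return hdr + question + rr


def parse_message(msg: bytes) -> dict:
    """Parse header, question and MX answers; works for both queries (an=0) and responses."""
    txid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        _name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rd_off = off
        off += rdlen
        if rtype == QTYPE_MX:
            pref = struct.unpack("!H", msg[rd_off:rd_off + 2])[0]
            target, _ = decode_name(msg, rd_off + 2)
            answers.append((pref, target))
    return {"txid": txid, "qname": qname, "qtype": qtype, "answers": answers}


def resolve_first_answer(query: bytes, arrivals: list[tuple[float, bytes]]) -> dict | None:
    """UDP stub-resolver semantics: the first response whose txid and question match wins."""
    q = parse_message(query)
    for _delay, msg in sorted(arrivals, key=lambda a: a[0]):
        r = parse_message(msg)
        if (r["txid"], r["qname"], r["qtype"]) == (q["txid"], q["qname"], q["qtype"]):
            return r
    return None


def differing_answers_seen(query: bytes, arrivals: list[tuple[float, bytes]]) -> bool:
    """Injection signal: the same transaction drew more than one matching answer with different content."""
    q = parse_message(query)
    seen = set()
    for _delay, msg in arrivals:
        r = parse_message(msg)
        if (r["txid"], r["qname"], r["qtype"]) == (q["txid"], q["qname"], q["qtype"]):
            seen.add(tuple(r["answers"]))
    return len(seen) > 1


def simulate(injected_delay: float, legit_delay: float) -> dict:
    """Race one legitimate MX answer against one injected answer; delays are constructed inputs."""
    txid, qname = 0x1234, "example.com."  # constructed example domain
    query = build_query(txid, qname)
    legit = build_mx_response(txid, qname, "mail.example.com.")
    # The on-the-side injector saw the query, so it can copy txid and question exactly.
    injected = build_mx_response(txid, qname, "bogus-mx.example.net.", pref=1, ttl=60)
    arrivals = [(injected_delay, injected), (legit_delay, legit)]
    winner = resolve_first_answer(query, arrivals)
    return {
        "cached_mx": winner["answers"][0][1],
        "injection_suspected": differing_answers_seen(query, arrivals),
    }


if __name__ == "__main__":
    print("injector faster :", simulate(injected_delay=0.01, legit_delay=0.05))
    print("authoritative faster:", simulate(injected_delay=0.05, legit_delay=0.01))
```

Whichever response lands first is what the resolver caches for the TTL it carries; the loser still arrives and is silently dropped, which is why counting differing answers per transaction is a useful on-the-wire signal even though it cannot by itself say who injected the extra one.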