Hibernating cluster wakes up to map the entire Internet - but what could it be planning?

Sead Fadilpašić

April 30, 2024 at 11:00 AM·2 min read

Flags of the People's Republic of China, hanging in a park during National Day in Beijing, China.

Chinese state-sponsored actors are apparently mapping out the entire internet, but it’s hard to determine why. Some media speculate that it might be in preparation for a large-scale cyberattack.

Cybersecurity researchers from Infoblox recently reported that an activity cluster known as Muddling Meerkat has suddenly woken up. This activity was first spotted in 2019, after which it was dormant until September last year.

It seems predominantly designed to manipulate global DNS systems - decentralized network infrastructure that translates human-readable domain names into numeric IP addresses, enabling users to easily access websites and services on the internet.

Slow Drip DDoS or something else?

The activity cluster also manipulates mail exchange (MX) records, by inserting fraudulent responses through the Great Firewall (GFW).

Usually, the Great Firewall will intercept DNS queries leading towards forbidden websites and will return an invalid response, thus essentially blocking access. By triggering false MX record responses from the firewall, the hackers can redirect emails, it was said.

"The GFW can be described as an “operator on the side," meaning that it does not alter DNS responses directly but injects its own answers, entering into a race condition with any response from the original intended destination," the researchers explained. When the GFW response is received by the requester first, it can poison their DNS cache."

"In addition to the GFW, China operates a system referred to as the Great Cannon (GC). The GC is an“operator in the middle,” allowing it to modify packets en route to their destination."

While the findings may point towards a distributed denial of service (DDoS) attack known as “Slow Drip”, Infoblox is more of the opinion that Muddling Meerkat is just testing the resilience of networks. The campaign mostly targets short-named domains, registered before the year 2000, probably to avoid targeting the ones on DNS blocklists.

The motive behind the campaign is currently unknown, but in its writeup, BleepingComputer argued the goal could be to “map networks and evaluate their DNS security to plan future attacks”, or to just create “DNS noise” which can hide bigger attacks happening simultaneously.

More from TechRadar Pro

China wants to export its Great Firewall to other countries
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Yahoo Finance
Netflix ad tier reaches 40 million monthly active users
The announcement marked a big increase from the 5 million users the company disclosed one year ago.
Engadget
Chuck Schumer is dropping the ball on regulating AI
A new legislative plan from a bipartisan group of senators outlines billions for AI research and development while passing the buck on regulation to various committees.
TechCrunch
The top AI announcements from Google I/O
Google’s going all in on AI — and it wants you to know it. During the company’s keynote at its I/O developer conference on Tuesday, Google mentioned “AI” more than 120 times. Google plans to use generative AI to organize entire Google Search results pages.
Yahoo TV
Kevin Costner shares his side of 'Yellowstone' drama: Where he stands on the future of the series
Part one of "Yellowstone" Season 5 ended in January 2023. Since then, its star Kevin Costner walked away from his starring role — and there's been a very public back-and-forth over why that happened.
TechCrunch
Quilt heat pump sports sleek design from veterans of Apple, Tesla and Nest
Heating and air conditioning is usually pretty boring stuff, performed by appliance-like boxes with uninspired designs, from sheet metal outdoor units to cheap plastic indoor mini-splits. The heat pump startup unveiled its first products on Wednesday, and they sport the sort of sleek and intuitive designs you’d expect from veterans of Apple, Nest, Google and Tesla. While design is a big part of the appeal, the startup wants to make the entire heat pump experience better.
Yahoo Sports
PGA Championship: Brooks Koepka, big-game hunter, is in his element
Brooks Koepka heads to the PGA Championship seeking his sixth career major victory.
Yahoo Life
Extreme heat can be dangerous for kids. Here's how to keep them safe in high temperatures.
"Kids' bodies produce heat faster than adults and they can't get rid of that heat as quickly," an expert warns.
Engadget
A group of TikTok creators are also suing the US government to stop a ban of the app
Eight TikTok creators have sued the US government in an effort to block a law that could lead to a ban of the app.
Autoblog
2024 Alfa Romeo Giulia and Stelvio Quadrifoglio Super Sports close the book
The limited-edition 2024 Alfa Romeo Giulia and Stelvio Quadrifoglio Super Sports end the Quadrifoglio's ICE era with special trim, no special performance.
Autoblog
2025 Kia Sorento Hybrid adopts the family look, costs more
The 2025 Kia Sorento Hybrid adopts the family look introduced on the 2024 Sorento, as well as new tech, new colors inside and out, and new wheels.
Yahoo Life
The eyes (now) have it: Here's the serum that gave me full, fluffy brows and lashes
GrandeLash and GrandeBrow will make a believer out of you.
Engadget
Assassin's Creed Shadows brings stealthy mayhem to feudal Japan on November 15
Ubisoft just revealed a November 15 release date for Assassin's Creed Shadows. It’ll be available on every major console platform, in addition to both PC and Mac.
Autoblog
Only a tiny fraction of Tesla FSD trial users signed up to pay for it
Tesla has tried a few promotional measures to drive FSD adoption, but they have so far not been the ticket it's looking for.
TechCrunch
Google I/O 2024: Here's everything Google just announced
It’s that moment you’ve been waiting for all year: Google I/O keynote day! Google kicked off its developer conference each year with a rapid-fire stream of announcements, including many unveilings of recent things it's been working on. On Wednesday, Google announced it is adding new security and privacy protections to Android, including on-device live threat detection to catch malicious apps, new safeguards for screen sharing, and better security against cell site simulators.
Yahoo Life Shopping
These are the best under eye creams of 2024, tested and reviewed
From bags to dark circles, wrinkles to crepey skin, the delicate area under our eyes poses a host of issues. Here's how to safely target them.
Yahoo News
Trump hush money trial: What we've learned from the Stormy Daniels and Michael Cohen testimony so far
Here are some of the key highlights, revelations and dramatic moments from the combined 16 and a half hours that the prosecution’s star witnesses spent on the witness stand.
Autoblog
25 cars most likely, and 25 least likely, to face future recalls
Automotive data firm iSeeCars looked at past government vehicle recall data and then projected future likely recall expectations, creating a list of cars most and least likely to be recalled.
Engadget
Tamagotchi collectors rejoice: Bandai is finally rereleasing a beloved model from 2004
Bandai announced this week that it’s bringing back the Tamagotchi Connection to celebrate the 20th anniversary of the toy’s release. Pre-orders are now open for the Connection in six colors, at $30 each. It will ship July 9.
Engadget
Uber will soon let you reserve a shuttle to get home from a big concert or ballgame
Uber announced a bunch of new shuttle options, along with other stuff, at its GO-GET event. Users will be able to book shared rides up to seven days in advance.
Yahoo Life
Climbing stairs has lots of health benefits. Here are 3 ways to make the most of it.
What experts say about stair climbing as a measure of your health — and ways to make it more effective for you.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hibernating cluster wakes up to map the entire Internet - but what could it be planning?

Slow Drip DDoS or something else?

More from TechRadar Pro

Recommended Stories

Netflix ad tier reaches 40 million monthly active users

Chuck Schumer is dropping the ball on regulating AI

The top AI announcements from Google I/O

Kevin Costner shares his side of 'Yellowstone' drama: Where he stands on the future of the series

Quilt heat pump sports sleek design from veterans of Apple, Tesla and Nest

PGA Championship: Brooks Koepka, big-game hunter, is in his element

Extreme heat can be dangerous for kids. Here's how to keep them safe in high temperatures.

A group of TikTok creators are also suing the US government to stop a ban of the app

2024 Alfa Romeo Giulia and Stelvio Quadrifoglio Super Sports close the book

2025 Kia Sorento Hybrid adopts the family look, costs more

The eyes (now) have it: Here's the serum that gave me full, fluffy brows and lashes

Assassin's Creed Shadows brings stealthy mayhem to feudal Japan on November 15

Only a tiny fraction of Tesla FSD trial users signed up to pay for it

Google I/O 2024: Here's everything Google just announced

These are the best under eye creams of 2024, tested and reviewed

Trump hush money trial: What we've learned from the Stormy Daniels and Michael Cohen testimony so far

25 cars most likely, and 25 least likely, to face future recalls

Tamagotchi collectors rejoice: Bandai is finally rereleasing a beloved model from 2004

Uber will soon let you reserve a shuttle to get home from a big concert or ballgame

Climbing stairs has lots of health benefits. Here are 3 ways to make the most of it.