Global DNS probing operation by Chinese threat actor discovered

Global domain name system (DNS) probes have been deployed by China-linked actor SecShow since June, The Hacker News reports.

The campaign's operations have originated from the Chinese government-funded China Education and Research Network (CERNET) and may have been associated with research concerning measurements of IP address spoofing techniques within secshow[.]net domains, according to a report from Infoblox.

Further analysis showed that the probes involve open DNS resolver discovery and DNS response calculations through a CERNET nameserver controlled by SecShow, which yields a random IP address that then triggers query amplification by Palo Alto Cortex Xpanse.

"The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor," said researchers.

Such a development comes after Chinese state-sponsored threat operation Muddling Meerkat was reported to have increased global DNS manipulation operations, as well as the emergence of the novel Rebirth distributed denial-of-service botnet.