China-linked actor SecShow has been conducting global Domain Name System (DNS) probes since June, The Hacker News reports.
The campaign's operations originated from the Chinese government-funded China Education and Research Network (CERNET) and may have been associated with research measuring IP address spoofing techniques within secshow[.]net domains, according to a report from Infoblox.
Further analysis showed that the probes involve open DNS resolver discovery and DNS response calculations through a CERNET nameserver controlled by SecShow, which yields a random IP address that then triggers query amplification by Palo Alto Cortex Xpanse.
"The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor," said researchers.
The development comes after Chinese state-sponsored threat operation Muddling Meerkat was reported to have increased global DNS manipulation operations, and after the emergence of the novel Rebirth distributed denial-of-service botnet.