This may read at first like a story about failed research, but it’s actually a story about how research may seek one thing and wind up discovering something entirely different.

In March 2024, we published a blog report on an actor we call Muddling Meerkat, who conducts puzzling DNS operations via the Chinese Great Firewall. We had invested significant time in our research but were unable to figure out the purpose of these multiyear operations. Rather than putting the work into a drawer, we decided to release what we knew about the activity so others would share their own insights and, collectively, we might come to understand the true nature of Muddling Meerkat. It worked! The blog drew ideas from professionals in networking and security alike; some were able to provide anonymized data about their own view of Muddling Meerkat, or at least the so-called “target domains” we see in DNS.