Ring Device accessing a DNS server in Austria designated as a C&C risk

I have four Ring security cams.
Just recently the stick-up cam has begun trying to reach a DNS server in Austria. According to my firewall security, the server in question poses a C2/Generic-A security threat.
This has just started happening within the last week.
ulogd[20523]: id=“2022” severity=“info” sys=“SecureNet” sub=“packetfilter” name=“Packet dropped (ATP)” action=“drop” fwrule=“63001” initf=“eth1” threatname=“C2/Generic-A” srcmac=“xx:xx:xx:xx:48:72” dstmac=“00:13:3b:11:25:19” srcip=“” dstip=“” proto=“17” length=“60” tos=“0x00” prec=“0x00” ttl=“255” srcport=“32091” dstport=“53”
the registered name for the server is “Silent Ghost”, which is rather ominous-sounding.
I performed a factory reset on the device and assigned it a different IP address but the problem is now being flagged on the new address. None of my other cameras are doing this. (Nor any of my other devices or computers.)
You can find out more about this threat at https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Has anyone had a similar experience?
Thankfully my firewall blocks this behavior but I’m concerned that the ring cam firmware may be compromised.

Hi @jerseyguy. Thanks for sharing this information. I suggest reaching out to our support team so out Neighbor Solution Experts can take a look and determine what this is. Please give our support team a call at one of the numbers available here. We’re taking additional steps to protect our team and help reduce the spread of COVID-19, so this has resulted in longer than normal wait times. If you are outside of the US, please read our response to COVID-19 here to see how to contact support.

Hi - I’m getting the same alarm from our sophos firewall.
At the moment this affects 2 cameras out of 8.
Firewall blocked the connection to this

Any hints or similar experience?

Found out, that this address above is an OpenNic Tier 2 DNS Resolver.

But when following https://servers.opennic.org/ the above mentioned IP is not listed.

So the question is still valid…