TLP:CLEAR
This information is marked TLP:CLEAR. Recipients may share this information without restriction.
U/OO/136180-25 | PP-25-1337 | April 2025 Ver. 1.0

Cybersecurity Advisory
Fast Flux: A National Security Threat

Executive summary

Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations. This resilient and fast changing infrastructure makes tracking and blocking malicious activities that use fast flux more difficult.

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand National Cyber Security Centre (NCSC-NZ) are releasing this joint cybersecurity advisory (CSA) to warn organizations, Internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities as a defensive gap in many networks. This advisory is meant to encourage service providers, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate, reliable, and timely fast flux detection analytics and blocking capabilities for their customers. This CSA also provides guidance on detecting and mitigat