Summary: Today, CISA—in partnership with the NSA, FBI, Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released a joint Cybersecurity Advisory “Fast Flux: A National Security Threat.” This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security.
Analyst Note: CISA and the partner agencies are raising awareness of a gap in many network defenses for detecting and blocking a threat actor technique known as “fast flux.” Fast flux enables threat actors to consistently evade detection and obfuscate the locations of malicious servers, allowing them to conceal subsequent operations. It gives these threat actors increased resilience and anonymity, and it renders IP blocking ineffective. Additionally, fast flux can play a significant role in phishing campaigns by making social engineering websites harder to block or take down.
CISA suggests that all organizations coordinate with their internet service providers and cybersecurity providers to implement the mitigations included in the advisory and to implement a multi-layered approach to detect and block fast flux-enabled cyber activity.
Original Source: https://media.defense.gov/2025/Apr/02/2003681172/-1/-1/0/CSA-FAST-FLUX.PDF
Related WaterISAC PIRs: 6, 6.1, 10, 10.2, 12