NSA and International Partners Warn of Fast Flux as a National Security Threat

On April 3, 2025, the National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and international partners—including Australia’s ASD, Canada’s CCCS, and New Zealand’s NCSC—issued a joint cybersecurity advisory highlighting the growing threat of "fast flux" techniques used by cyber actors. This method involves rapidly changing the IP addresses associated with a domain name, enabling cybercriminals and nation-state actors to conceal their activities and maintain resilient command-and-control infrastructures.

Fast flux techniques complicate efforts to track and block malicious activities, facilitating espionage, phishing campaigns, and distributed denial-of-service (DDoS) attacks. NSA Cybersecurity Director Dave Luber emphasized the severity of the threat, stating, "Fast flux is an ongoing, serious threat to national security, and this guidance shares important insight we’ve gathered about the threat." The advisory recommends that cybersecurity providers, especially Protective DNS (PDNS) services, implement a multi-layered detection approach to safeguard critical infrastructure and sensitive information.

Organizations, particularly within the Department of Defense and the Defense Industrial Base, are urged to leverage cybersecurity and PDNS services to block malicious activity associated with fast flux techniques. The NSA offers no-cost cybersecurity services, including PDNS, to Defense Industrial Base companies. For more detailed guidance, refer to the joint advisory titled "Fast Flux: A National Security Threat" and the updated info sheet on selecting a Protective DNS service.