Fast Flux: A National Security Threat
ID: d21f0a27-9ccf-574d-88fe-7cb49651adee
STIX ID: report--d21f0a27-9ccf-574d-88fe-7cb49651adee
Feed Name: CISA Cybersecurity Advisories
This joint advisory from NSA, CISA, FBI, ASD/ACSC, CCCS and NCSC-NZ warns that fast flux (rapidly rotating DNS records and, in double flux, frequently changing name servers) is being used by cybercriminals and APTs to obscure C2, sustain phishing sites, and enable bulletproof hosting. It defines single and double flux and cites observed abuse, including ransomware and Gamaredon. It also provides practical detection guidance (DNS entropy, TTL analysis, IP/geolocation inconsistency, flow data, reputational feeds) and mitigation guidance (blocking/sinkholing, reputational filtering, enhanced logging, information sharing, and phishing awareness) for ISPs, PDNS providers, and organizations.
