Summary: Ransomware gangs and Russian government hackers are increasingly using the “fast flux” technique to conceal the infrastructure used in cyberattacks, making it harder for law enforcement and defenders to track and block them. This method involves rapidly changing DNS records associated with a domain, complicating detection and blocking efforts. The advisory highlights the growing adoption of this tactic among different threat actors, including ransomware groups and nation-state hackers.
Affected: Cybersecurity agencies in the U.S., Australia, Canada, and New Zealand
Keypoints:
- Fast flux allows cybercriminals to rapidly change domain DNS records, obscuring malicious activity.
- Both single flux and double flux variants are used to enhance redundancy and anonymity of malicious domains.
- The resurgence of fast flux techniques has raised concerns among cybersecurity professionals regarding their adoption by nation-state actors.
Source: https://therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
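
To make the single flux and double flux distinction in the keypoints concrete for defenders, the following added example (not from the article or the advisory) flags domains in passive-DNS observations whose short-TTL A records churn (single flux) and whose NS records churn as well (double flux). The record layout, sample data, function names and thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS sample: (epoch_s, name, rtype, rdata, ttl).
# IPs come from documentation ranges; domains are reserved example names.
SAMPLE = (
    [(i * 300, "flux.example", "A", f"198.51.100.{10 + i}", 120) for i in range(6)]
    + [(0, "flux.example", "NS", "ns1.host.example", 86400)]
    + [(i * 300, "dflux.example", "A", f"203.0.113.{20 + i}", 60) for i in range(6)]
    + [(i * 600, "dflux.example", "NS", f"ns{i}.dflux.example", 180) for i in range(4)]
    + [(i * 300, "static.example", "A", "192.0.2.5", 3600) for i in range(6)]
    + [(0, "static.example", "NS", "ns1.host.example", 86400)]
)

def max_distinct(events, window):
    """Largest number of distinct values seen inside any `window`-second span."""
    events = sorted(events)
    best = 0
    for start, _ in events:
        seen = {value for ts, value in events if start <= ts < start + window}
        best = max(best, len(seen))
    return best

def classify(observations, window=3600, min_ips=4, min_ns=3, max_ttl=300):
    """Label each domain 'double-flux', 'single-flux' or 'stable'.

    Thresholds are illustrative assumptions and need tuning on local traffic.
    """
    recs = defaultdict(lambda: {"A": [], "NS": []})
    for ts, name, rtype, rdata, ttl in observations:
        entry = recs[name]  # register the domain even if nothing qualifies
        # Only short-lived records count as churn; long TTLs are ignored.
        if rtype in entry and ttl <= max_ttl:
            entry[rtype].append((ts, rdata))
    verdicts = {}
    for name, entry in recs.items():
        a_churn = max_distinct(entry["A"], window) >= min_ips
        ns_churn = max_distinct(entry["NS"], window) >= min_ns
        if a_churn and ns_churn:
            verdicts[name] = "double-flux"   # addresses and name servers rotate
        elif a_churn:
            verdicts[name] = "single-flux"   # only the addresses rotate
        else:
            verdicts[name] = "stable"
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Content delivery networks also rotate addresses behind short TTLs, so a hit from a heuristic like this is a lead for review, not a verdict.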