Bulletproof_Defense_Mitigating_Risks_from_Bulletproof_Hosting_Providers_508c信息安全资料 .docxVIP

TLP:CLEAR

BulletproofDefense:MitigatingRisksFromBulletproofHostingProviders

Publication:November19,2025

U.S.CybersecurityandInfrastructureSecurityAgencyU.S.NationalSecurityAgency

U.S.DepartmentofDefenseCyberCrimeCenterU.S.FederalBureauofInvestigation

AustralianSignalsDirectorate’sAustralianCyberSecurity

Centre

CanadianCentreforCyberSecurityNetherlandsNationalCyberSecurityCentreNewZealandNationalCyberSecurityCentre

UnitedKingdomNationalCyberSecurityCentre

ThisdocumentismarkedTLP:CLEAR.Disclosureisnotlimited.SourcesmayuseTLP:CLEARwheninformationcarriesminimalornoforeseeableriskofmisuse,inaccordancewithapplicablerulesandproceduresforpublicrelease.Subjecttostandardcopyrightrules,TLP:CLEARinformationmaybedistributedwithoutrestriction.FormoreinformationontheTrafficLightProtocol,seeTrafficLightProtocol(TLP)DefinitionsandUsage.

TLP:CLEAR

BulletproofDefense:MitigatingRisksFromBulletproofHostingProviders TLP:CLEARCISA|NSA|DC3|FBI|ASD’sACSC|CyberCentre|NCSC-NL|NCSC-NZ|NCSC-UK

Introduction

ThisdocumentwasdevelopedthroughtheJointRansomwareTaskForce(JRTF),aU.S.interagencybodyestablishedbyCongressintheCyberIncidentReportingforCriticalInfrastructureActof2022(CIRCIA)toensureunityofeffortincombatingthegrowingthreatofransomwareattacks.

Thisdocumentprovidesinternetserviceproviders(ISPs)andnetworkdefendersrecommendationstomitigatepotentialcybercriminalactivityenabledbybulletproofhosting(BPH)providers.ThisdocumentisauthoredbytheCybersecurityandInfrastructureSecurityAgency(CISA)andthefollowingpartners:1

?U.S.NationalSecurityAgency(NSA)

?U.S.DepartmentofDefenseCyberCrimeCenter(DC3)?U.S.FederalBureauofInvestigation(FBI)

?AustralianSignalsDirectorate’sAustralianCyberSecurityCentre(ASD’sACSC)?CanadianCentreforCyberSecurity(CyberCentre