An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Nov. 19, 2025

NSA Joins CISA and Others to Release Guidance on Mitigating Malicious Activity from Bulletproof Hosting Provider Infrastructure

FORT MEADE, Md. – The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and others to release the Cybersecurity Information Sheet (CSI), “Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers,” to provide internet service providers (ISPs) and network defenders recommendations to mitigate potential cybercriminal activity enabled by bulletproof hosting (BPH) providers.

BPH providers are internet infrastructure providers that knowingly and intentionally market and lease their infrastructure to cybercriminals. These providers do not engage in good faith with legal processes or third-party/victim complaints of malicious activity enabled from such infrastructure. Cybercriminals are increasingly utilizing BPH infrastructure as it allows them to evade law enforcement and conduct malicious operations against critical infrastructure, financial institutions, and other high-value targets without fear of losing access to their servers.

The CSI provides information on mitigating cybercriminal activity enabled by BPH providers through a nuanced approach; because BPH infrastructure is integrated into legitimate internet infrastructure systems, certain actions from defenders may impact legitimate activity. 

The authoring agencies urge ISPs and network defenders to implement the outlined mitigation strategies to block malicious traffic, decrease the utility of BPH infrastructure, and force cybercriminals onto legitimate infrastructure. Before applying the recommendations, ISPs and network defenders should weigh the associated risks, ensuring that actions taken do not unduly impact legitimate infrastructure.

Also co-sealing are the DoD Cyber Crime Center (DC3); Federal Bureau of Investigation; Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC); Canadian Centre for Cyber Security (Cyber Centre); Netherlands National Cyber Security Centre (NCSC-NL); New Zealand National Cyber Security Centre (NCSC-NZ); and United Kingdom National Cyber Security Centre (NCSC-UK). 

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721


 

Related Press Advisories

NSA, CISA, and Others Release a Shared Vision of Software Bill of Materials (SBOM)
NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations
CSI Bulletproof Hosting Provider BPH Autonomous System Number ASN cybercrime cybercriminals ransomware
Hosted by Defense Media Activity - WEB.mil Veterans Crisis Line number. Dial 988 then Press 1