Date: 2025-01-14

Network Security, Vulnerability Management, Threat Intelligence

Ivanti VPN zero-day implicated in Nominet hack

Official .UK domain registry Nominet had its network compromised in an attack exploiting an Ivanti VPN zero-day flaw earlier this month, reports BleepingComputer.

Investigation into the incident is still underway, but Nominet, which is among the major country code registries, has not found any proof of backdoor injections, according to ISPreview. "...[W]e currently have no evidence of data breach or leakage. We already operate restricted access protocols and firewalls to protect our registry systems. Domain registration and management systems continue to operate as normal," said Nominet.

Nominet did not provide additional details regarding the vulnerability, but Ivanti confirmed active exploitation of the Connect Secure zero-day, tracked as CVE-2025-0282, last week. Initial intrusions targeting Ivanti Connect Secure appliances affected by CVE-2025-0282 deployed the Spawn malware toolkit, which is associated with the China-nexus cyberespionage operation UNC5337, before proceeding to deploy the newly emergent Phasejam and Dryhook payloads, according to Mandiant researchers.

