- Nominet warns customers about a recent cyberattack
- The company says the attackers abused an Ivanti zero-day
- So far, there is no evidence of data tampering or backdoor dropping
Top domain registrar company Nominet has warned its customers of a cyberattack it suffered due to a zero-day vulnerability in Ivanti VPN products.
Citing a letter being sent to affected individuals, The Register claims the company suggests the criminals may have made their way in using the recently-highlighted Ivanti security flaws.
“The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely.” the letter apparently reads. “The unauthorized intrusion into our network exploited a zero-day vulnerability.”
Abusing a zero-day
Nominet says it has not yet found any evidence of data leaks, or theft, and says that the attackers did not plant any backdoors or other malware onto its systems.
“Aided by external experts, our investigation continues, and we have put additional safeguards in place, including restricted access to our systems from VPN,” it said.
The company confirmed its systems are operating normally and that the attack did not cause any significant disruption.
While it was not specifically mentioned, The Register speculates the attackers could have abused CVE-2025-0282, a zero-day recently found in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.
Ivanti had recently warned customers of a critical vulnerability impacting its VPN appliances being actively exploited in the wild to drop malware. In a security advisory, the company said it uncovered two vulnerabilities recently – CVE-2025-0282 and CVE-2025-0283, both of which are impacting Ivanti Connect Secure VPN appliances.
The former was given a severity score of 9.0 (critical), and is described as an unauthenticated stack-based buffer overflow. “Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network,” it was said.
The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools.
Via The Register
Leave a comment