Vulnerability was exploited as a zero-day.
Nominet has confirmed that it has experienced a cybersecurity incident that is linked to the recent Ivanti vulnerability.
The UK domain registry, which maintains the .co.uk domains, warned of an “ongoing security incident” which was under investigation in an email to customers, seen by TechCrunch.
The company said attackers accessed its systems via “third-party VPN software supplied by Ivanti,” adding that the intrusion “exploited a zero-day vulnerability,” giving Nominet no time to apply patches.
Nominet is the first organisation to publicly confirm it has been affected by the Ivanti bug. It said it currently has “no evidence of data breach or leakage” and said it has restricted access to the VPN software while it investigates the incident.
In an email to SC UK, a spokesperson for Ivanti, said: "Consistent with our commitment to supporting customers, we are working closely with Nominet and the relevant authorities to provide all necessary support. We strongly urge all customers to follow the guidance outlined in our security advisory to ensure their systems are protected.
"We appreciate the trust our customers place in us. We are committed to their security and to continuously improving our products and processes, in collaboration with the broader security ecosystem."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
