Home
 » ISP News » 
Sponsored Links

UK Internet Domain Registry Nominet Suffers Cyber Attack

Thursday, Jan 9th, 2025 (11:25 am) - Score 3,440
Internet and UK Telecoms Security Picture

The UK internet domain registry, Nominet, has confirmed to ISPreview that their network has suffered an “unauthorised intrusion” after hackers exploited a “zero-day vulnerability” in the Virtual Private Network (VPN) software they use, which is supplied by Ivanti and enables their people to access systems remotely.

ISPreview first became aware of a problem yesterday after the UK Government’s National Cyber Security Centre (NCSC) put out an urgent bulletin that encouraged organisations to “take immediate action” to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS), Policy Secure and ZTA Gateways (CVE-2025-0282 and CVE-2025-0283).

On top of that, Ivanti themselves said they were “aware of active exploitation” affecting their software, although at the time it was not known who or how many organisations had been targeted. But it was known that this had started “beginning mid-December 2024“.

Advertisement

NCSC Description of the Critical Vulnerabilities

CVE-2025-0282 – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CVE-2025-0283 – A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

In addition, Google Cloud has also put out a detailed advisory on the vulnerabilities, which adds a lot more context. But unfortunately, it appears as if the UK’s registry for internet domains, Nominet, is one of those organisations to have been attacked, and they’ve shared the following customer notice with us.

Important security update (Nominet)

We want to update you about an ongoing security incident that is currently under investigation.

We became aware of suspicious activity on our network late last week. The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely.

However, we currently have no evidence of data breach or leakage. We already operate restricted access protocols and firewalls to protect our registry systems.

The unauthorised intrusion into our network exploited a zero-day vulnerability.

As you will recognise, these incidents are always fast-moving and require investigation – but we have NOT uncovered any backdoors or routes onto our network. Aided by external experts, our investigation continues, and we have put additional safeguards in place, including restricted access to our systems from VPN.

Domain registration and management systems continue to operate as normal.

As well as informing members and customers, we have reported this incident to the relevant authorities, including NCSC.

Ivanti has made available patches to address this vulnerability which we are implementing. Those also using Ivanti’s VPN services are encouraged to patch their software immediately.

We will update you when our investigation concludes, or as necessary.

Nominet will not be the only organisation to be dealing with the headaches that have resulted from the latest situation. Sadly, this is not the first time that Ivanti’s VPN solution has faced serious security problems (example), which appears to have been promptly exploited by “Chinese state-sponsored threat actors.”

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and .
Search ISP News
Search ISP Listings
Search ISP Reviews
Comments
2 Responses

Advertisement

  1. Avatar photo Name says:

    haha Ivanti aka PulseSecure and security… but to be fair PaloAlto and Fortinet are not better. Thanks for sharing I can now add Nominet to my blacklist.

    1. Avatar photo Ben says:

      Does that mean that you won’t visit any .uk websites again? 😀

Leave a Reply

Your email address will not be published. Required fields are marked *

NOTE: Your comment may not appear instantly (it may take several hours) due to static caching or random moderation checks by the anti-spam system.
Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £23.00
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £23.50
132Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: None
NOW UK ISP Logo
NOW £26.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
Gigaclear UK ISP Logo
Gigaclear £19.00
300Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £23.00
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (6107)
  2. BT (3674)
  3. Politics (2756)
  4. Business (2459)
  5. Openreach (2430)
  6. Building Digital UK (2352)
  7. Mobile Broadband (2178)
  8. FTTC (2090)
  9. Statistics (1933)
  10. 4G (1838)
  11. Virgin Media (1793)
  12. Ofcom Regulation (1604)
  13. Fibre Optic (1480)
  14. Wireless Internet (1471)
  15. 5G (1433)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon