Nominet, the official registry for .UK domains and one of the largest country code registries globally, has confirmed a network breach linked to a zero-day vulnerability in Ivanti VPN software.
The attack, discovered two weeks ago, targeted the VPN software that facilitates remote access to Nominet’s systems.
The organization, which oversees more than 11 million domain names, including .uk, .co.uk, and .gov.uk, stated there is no evidence of backdoors or data leakage following the breach. Operations, including domain registration and management systems, continue to function as normal. Nominet has notified relevant authorities, including the UK’s National Cyber Security Centre (NCSC), and has restricted VPN access as a precaution.
The exploited vulnerability, tracked as CVE-2025-0282, has been linked to suspected Chinese hackers using custom malware tools such as Spawn, Dryhook, and Phasejam, according to Mandiant. Ivanti, which released a patch for the zero-day last week, emphasized its commitment to customer security and urged users to apply the update immediately.
Nominet previously operated the UK’s Protective Domain Name Service (PDNS) on behalf of the NCSC until September 2024, safeguarding over 1,200 organizations and 7 million users. The breach highlights growing concerns over advanced persistent threats targeting critical infrastructure via VPN vulnerabilities, emphasizing the importance of timely patch management and robust cybersecurity practices.
Bijay Pokharel