Hackers Breach UK’s Largest Domain Registry Using Critical Ivanti Zero-Day Flaw


Nominet Network Breach: Major UK Domain Registry Hit by Ivanti VPN Vulnerability

Nominet, the UK’s largest domain registry managing over 11 million domains including .uk, .co.uk, and .gov.uk, has confirmed a network breach through an Ivanti VPN zero-day vulnerability. The incident occurred two weeks ago, affecting the organization responsible for critical domain infrastructure.

The breach exploited a critical vulnerability, CVE-2025-0282, in Ivanti Connect Secure VPN software; the flaw enables remote access to affected systems. While Nominet has detected suspicious activity, its investigation has so far found no evidence of data theft or backdoor installation. The company has implemented additional security measures, including restrictions on VPN access, and has notified the relevant authorities, including the National Cyber Security Centre (NCSC).

Security researchers attribute the attacks to a suspected China-linked threat group tracked as UNC5337, which began exploiting the vulnerability in mid-December. The attackers deployed malware tools including Spawn, Dryhook, and Phasejam on compromised systems. Over 3,600 Ivanti Connect Secure (ICS) appliances were exposed to the internet at the time Ivanti released its patch.

Despite the breach, Nominet confirms that its domain registration and management systems continue to operate normally, protected by existing access restrictions and firewalls. Ivanti has since released patches and is urging customers to apply the security updates immediately to protect their systems.
