Nominet, the U.Okay. area registry that maintains .co.uk domains, has skilled a cybersecurity incident that it confirmed is linked to the current exploitation of a brand new Ivanti VPN vulnerability.
In an electronic mail to prospects, seen by TechCrunch, Nominet warned of an “ongoing safety incident” beneath investigation.
Nominet stated hackers accessed its techniques by way of “third-party VPN software program provided by Ivanti,” including that the intrusion “exploited a zero-day vulnerability,” giving Nominet no time to use patches.
Ivanti confirmed final week that hackers have been exploiting a vulnerability in Connect Secure, its broadly used enterprise VPN equipment, to interrupt into prospects’ networks. Ivanti hasn’t stated what number of prospects are affected, however cybersecurity agency watchTowr Labs instructed TechCrunch that it has seen “widespread” compromises.
Nominet, which is the primary group to publicly affirm it has been affected by the Ivanti bug, stated it presently has “no proof of information breach or leakage.” The firm added that it has restricted entry to the VPN software program whereas it investigates the incident.
