Ethical Hacking News
Nominet, the UK's top-level domain registry, is investigating a suspected intrusion into its network linked to the recently disclosed Ivanti zero-day vulnerabilities. The company detected suspicious activity traced to third-party VPN software supplied by Ivanti, which its staff use for remote access to internal systems. Nominet has since put additional safeguards in place, including restricting access to its systems over the VPN. Ivanti has released a patch for the affected Connect Secure versions, but the other affected products will not receive fixes until January 21. The intrusion is part of a broader pattern of zero-day exploitation against Ivanti products and illustrates how quickly such flaws are weaponised against internet-facing edge devices.
Nominet, the top-level domain registry for .uk, has been investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits. The incident was first reported by The Register on January 13, 2025, and the open questions are what the attackers reached beyond the VPN appliance and whether registry customers are affected.
According to an email Nominet sent to customers on January 8, 2025, the company became aware of suspicious activity on its network late in the preceding week. The entry point was third-party VPN software supplied by Ivanti that its employees use to access systems remotely. Because a VPN gateway sits at the boundary between the internet and the internal network, a compromise there is a natural pivot point, which is why the scope of the incident is the central concern for Nominet's operations and its customers.
In a statement, Nominet stated that the unauthorized intrusion into its network exploited a zero-day vulnerability. The company emphasized that there is currently no evidence to suggest that its data has been stolen or leaked, nor have any backdoors or other forms of unauthorized access into its network been identified. However, Nominet has put additional safeguards in place, including restricted access to its systems from VPN.
The incident has renewed concern about how often Ivanti's edge products are exploited before a fix is available. The two newly disclosed vulnerabilities are CVE-2025-0282, an unauthenticated stack-based buffer overflow that allows remote code execution on the appliance and is the one being exploited in the wild, and CVE-2025-0283, a local privilege escalation flaw. Ivanti released patches for vulnerable Connect Secure versions at the time of disclosure, but Policy Secure and Neurons for ZTA Gateways, which are affected by the same two vulnerabilities, will have to wait until January 21 for their fixes.
This breach is not an isolated incident; it is part of a larger trend of zero-day exploitation against Ivanti products. In January 2024 a similar zero-day campaign hit the same product line, and exploitation of CVE-2025-0282 has now been observed as far back as mid-December 2024, weeks before the public advisory. Mandiant attributes the current exploitation activity to the cluster it tracks as UNC5337, which suggests a capable actor rather than opportunistic scanning at this stage.
Mandiant's analysis of the exploitation campaign found that successful exploits lead to the deployment of a previously known malware ecosystem (Spawn) as well as novel strains not seen before, now tracked as Dryhook and Phasejam. The company warned that defenders should prepare for widespread, opportunistic exploitation once the vulnerability details spread, most likely aimed at harvesting credentials and planting web shells to preserve access after the appliance is patched.
The disclosure has put pressure on every organisation that exposes Ivanti gateways to the internet. Those running Connect Secure can upgrade now; those running Policy Secure or Neurons for ZTA Gateways have no patch until January 21 and are left with compensating controls, such as restricting who can reach the appliance and what it can reach internally, until then.
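The first practical step for anyone in that position is to find out which appliances are still below the fixed release. The following script is an added example written for this article, not code from Nominet, Ivanti or The Register. It parses Ivanti's `<major>.<minor>R<release>[.<patch>]` version strings, compares them against the fixed Connect Secure build named in Ivanti's January 8, 2025 advisory (22.7R2.5), and treats products with no fix yet (Policy Secure, Neurons for ZTA Gateways) as exposed regardless of version. The inventory entries are constructed for the example; hostnames and versions are not real.

```python
import re
from typing import Dict, List, Tuple

# First fixed release per product from Ivanti's January 8, 2025 advisory.
# Policy Secure and Neurons for ZTA Gateways are deliberately absent: their
# fixes were not due until January 21, so every version is treated as exposed.
FIXED_RELEASE: Dict[str, str] = {
    "Ivanti Connect Secure": "22.7R2.5",
}

# Ivanti versions look like 22.7R2.4, 22.7R2 or 9.1R18.9: a dotted base, an
# 'R', then a dotted release/patch number.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)R(\d+(?:\.\d+)*)$")


def parse_version(ver: str) -> Tuple[int, ...]:
    """Convert an Ivanti version string into a tuple of integers for comparison."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {ver!r}")
    base, release = m.groups()
    return tuple(int(x) for x in base.split(".")) + tuple(int(x) for x in release.split("."))


def _padded(a: Tuple[int, ...], b: Tuple[int, ...]) -> Tuple[Tuple[int, ...], Tuple[int, ...]]:
    """Right-pad the shorter tuple with zeros so 22.7R2 compares as 22.7R2.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_vulnerable(product: str, version: str) -> bool:
    """True if the appliance is below the first fixed release, or has no fix at all.

    This is deliberately conservative: any build older than the fixed release is
    flagged, including older branches that Ivanti no longer patches.
    """
    fixed = FIXED_RELEASE.get(product)
    if fixed is None:
        return True
    have, need = _padded(parse_version(version), parse_version(fixed))
    return have < need


# Constructed sample inventory for this example; not real hosts or findings.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "vpn-gw-01", "product": "Ivanti Connect Secure", "version": "22.7R2.4"},
    {"host": "vpn-gw-02", "product": "Ivanti Connect Secure", "version": "22.7R2.5"},
    {"host": "vpn-gw-03", "product": "Ivanti Connect Secure", "version": "22.7R2"},
    {"host": "nac-01", "product": "Ivanti Policy Secure", "version": "22.7R1.2"},
]


def triage(inventory: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) for every appliance that still needs action."""
    return sorted(
        (h["host"], h["product"], h["version"])
        for h in inventory
        if is_vulnerable(h["product"], h["version"])
    )


if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        action = "upgrade" if product in FIXED_RELEASE else "no patch yet; restrict access"
        print(f"{host}: {product} {version} -> {action}")
```

Feed it the real fleet list from an asset register and the output is the worklist: Connect Secure boxes below 22.7R2.5 get upgraded, everything else on the list gets network restrictions until January 21. Because Mandiant observed web shells being planted, an appliance that was exposed before patching also needs an integrity check, not just the upgrade.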
As Nominet continues its investigation, the incident is a reminder that internet-facing VPN appliances are exploited within days, and sometimes weeks before, a public advisory. Patching promptly matters, but so does assuming the appliance was reachable while vulnerable: checking it for web shells and rotating any credentials that passed through it. What remains to be seen is whether Nominet's review finds movement beyond the VPN and what it changes about how the registry exposes remote access.
Related Information:
https://www.theregister.com/2025/01/13/nominet_ivanti_zero_day/
https://www.msn.com/en-us/technology/cybersecurity/nominet-probes-network-intrusion-linked-to-ivanti-zero-day-exploit/ar-BB1rmmUV
Published: Mon Jan 13 06:42:39 2025 by llama3.2 3B Q4_K_M