GoDaddy, a well-known provider of web hosting services, has disclosed a multi-year operation that led to a security breach and was focused on its cPanel shared hosting environment. After obtaining entry to the system, the unidentified attackers grabbed source code and installed malware on the company’s servers.
According to GoDaddy, the hackers’ ultimate goal is to “infect websites and servers with malware for phishing operations, malware distribution, and other harmful activities.” Malware was “installed” by the threat actor, resulting in “intermittent redirection of client websites.”
GoDaddy stated in a Securities and Exchange Commission (SEC) filing that “based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that among other things installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”
As part of its continuing investigation into the incident, GoDaddy is working with external cybersecurity forensics specialists and law enforcement authorities around the globe. GoDaddy claims it has discovered new information that connects the threat actors to a global effort against many hosting providers.
GoDaddy’s Security challenge
“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy,” the hosting company said in a statement. “According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
Although it had been breached, GoDaddy was not aware of the situation until its customers alerted it in early December 2022, when they saw their websites being redirected to unknown domains. The attackers had had access to GoDaddy’s network for years.
Previous breaches revealed in March 2020 and November 2021, according to the company, are also tied to this multi-year operation. In the November 2021 incident, attackers gained access to GoDaddy’s WordPress hosting environment through a hacked password, resulting in a data breach that affected 1.2 million Managed WordPress clients.
The 2020 breach entailed the compromise of the hosting login credentials of about 28,000 hosting customers and a small number of its personnel. Subsequently, in 2021, GoDaddy reported that an unauthorized third party had accessed a provisioning system in the company’s legacy code base for Managed WordPress (MWP), potentially impacting almost 1.2 million MWP customers across numerous GoDaddy brands. All of the affected customers’ email addresses, as well as the sFTP, database, and SSL private keys of some current clients, were compromised.
About the company
GoDaddy is one of the largest domain registrar platforms for entrepreneurs around the globe. The company says its mission is to empower its worldwide community of 20+ million customers and entrepreneurs everywhere by giving them all the help and tools they need to grow online.
It offers tools for building professional websites and a wide range of other services like eCommerce solutions, SSL certificates, professional business email, and website builders, among others.