Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers stole source code and installed malware on its servers.
While the attackers had access to the company’s network for a number of years, GoDaddy only learned about the security breach after receiving customer complaints in early December 2022 that their sites were being exploited to reroute to arbitrary domains.
GoDaddy Speaks on the Breach
Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,
GoDaddy (Source)
According to BleepingComputer, the web hosting company believes that previous breaches disclosed in November 2021 and March 2020 are also linked to this campaign.
The threat actors gained access to the customers’ email addresses, their WordPress Admin password, sFTP and database credentials, and SSL private keys of a subset of active clients.
Investigations Are Undergoing
GoDaddy is working with law enforcement agencies and external cybersecurity experts worldwide to get to the root of the breach.
The web hosting company also declared that it found evidence linking the threat actors to a broader campaign. The campaign is said to have been impacting hosting companies worldwide over the years.
On February 16th, the company released a statement, reading:
We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy… According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.
GoDaddy Statement on the Breach (Source)
BleepingComputer reached out to GoDaddy for additional information on the situation but has yet to receive an answer.
The company assures its customers that additional security measures have been implemented and that they are working with law enforcement to prevent such incidents in the future.
GoDaddy provides hosting services to over 20 million customers and is one of the largest domain registrars worldwide.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
