GoDaddy admits to another data breach as hackers install malware

Posted on February 20, 2023 at 9:14 AM

The website servers of GoDaddy were the latest victim of a hacking attack. Threat actors obtained access to the company’s servers and installed malware. The malware was used to trigger intermittent redirections on customers’ websites.

GoDaddy servers breached

GoDaddy is one of the largest web hosting companies globally. The company has now issued an alert about a hacking incident in which threat actors stole source code and used it to install malware on its servers. The malware was installed after a breach of its cPanel shared hosting environment. The GoDaddy breach is believed to have gone on for several years.

GoDaddy detected this breach after reports from its customers in December last year. According to GoDaddy, the company’s sites were being used by threat actors to redirect users to random domains. The attackers managed to maintain control over the company’s network for several years.

GoDaddy shared comprehensive details about this breach in a filing with the US Securities and Exchange Commission (SEC). The web hosting company said that its investigations had shown that the hacking incidents were part of a multi-year campaign conducted by a threat actor group.

According to GoDaddy, this threat actor group installed malware on the company’s systems and gained access to the code linked to some of the services provided by the company. In the SEC filing, the company also said that the previous breaches at the company, disclosed in March 2020 and November 2021, were related to the multi-year campaign against the company.

In November 2021, GoDaddy reported that a data breach in the company had affected 1.2 million Managed WordPress customers. This breach occurred after the threat actors obtained access to the WordPress hosting environment of GoDaddy. They gained access to the email addresses of the affected customers, the WordPress Admin passwords, sFTP and database credentials, and the SSL private keys of the active clients.

In March 2020, GoDaddy also suffered another attack. At the time, it issued alerts to 28,000 customers, informing them that a threat actor had used their web hosting account credentials in October of the previous year to connect to their hosting accounts using SSH.

GoDaddy has already engaged the services of cybersecurity experts to address this breach. The company is working with cybersecurity experts and law enforcement authorities globally to address the matter and to identify the root cause of this breach.

GoDaddy breach associated with other web hosting companies

According to GoDaddy, there was evidence showing that the threat actors that had infiltrated the company were the same ones who targeted other web hosting companies globally in recent years.

The statement issued by the company on the matter said, “We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy.”

The company has said that the customers affected by this breach have already been notified. Moreover, the company was seeking the involvement of regulators, although a resolution and an outcome on this matter remain uncertain.

The company noted that the information gathered so far about this incident shows that the main objective behind the breach was installing malware on servers and websites to conduct phishing campaigns and distribute malware. The hackers also used these breaches to conduct a variety of malicious activities.

The web hosting company has also said it would continue to monitor these hackers’ behavior and block any further attempts to breach its servers. The web hosting company further said that it was actively gathering evidence and information about the tactics deployed by the threat actors and the techniques used to assist law enforcement in investigations.

Nevertheless, the company’s investigations into the matter and any assurances given to users that they will be safe have yet to be met with enthusiasm, given that this is around the third time that GoDaddy servers have been breached by the same threat actor group.

This breach has been reported at a time when hacking attacks have increased. Hackers have been attempting to gain unauthorized access to several systems, including those of US departments. The rise in hacking campaigns is attributed to Russian hacktivist groups. These groups have been targeting countries and institutions believed to support Ukraine in the ongoing war with Russia.

Publisher Name
Koddos