GoDaddy, a major web hosting provider, says that a multi-year intrusion into its cPanel shared hosting environment resulted in a breach in which unidentified attackers stole source code and installed malware on its servers.
Although the attackers had access to the company’s network for years, GoDaddy did not become aware of the intrusion until it received customer complaints in early December 2022 that their websites were being redirected to random domains.
In a filing with the SEC, the hosting company wrote: “Based on our analysis, we think that these instances are a result of a multi-year operation by a skilled threat actor group that, among other things, infected our systems with malware and acquired bits of code for several GoDaddy services.”
“@GoDaddy said on Friday that its network suffered a multi-year #Security #Compromise that allowed unknown attackers to steal company #SourceCode, #Customer and employee login #Credentials, and install #Malware that redirected customer websites to malicious sites” @arstechnica https://t.co/BCuwRS9YmW
— Christina Ayiotis, CRM, CIPP/E (@christinayiotis) February 18, 2023
The firm says that two earlier breaches, disclosed in March 2020 and November 2021, are related to this multi-year operation. In November 2021, data belonging to 1.2 million Managed WordPress customers was compromised after an attacker used a stolen password to access GoDaddy’s WordPress hosting environment.
The exposed data included the email addresses of all affected customers, WordPress admin passwords, sFTP and database credentials, and, for a subset of active customers, SSL private keys. Because an exposed private key lets an attacker impersonate the site, the affected certificates had to be revoked and reissued, not merely the passwords rotated.
Hackers Infect GoDaddy’s Servers And Websites With Malware
In the March 2020 breach, GoDaddy notified 28,000 customers that an attacker had used their web hosting account credentials to log in to their hosting accounts over SSH in October 2019.
As part of its ongoing investigation into the root cause of the breach, GoDaddy is working with external cybersecurity forensics experts and law enforcement agencies around the world.
GoDaddy also says it has found further evidence connecting the threat actors to a broader campaign, carried out over several years, that targeted other hosting providers worldwide.
“We have evidence, and law enforcement has corroborated,” the hosting provider said in a statement. “This attack was carried out by a skilled and coordinated gang targeting hosting services like GoDaddy.”
“According to the evidence we’ve received, their obvious objective is to infect servers and websites with malware for phishing operations, malware distribution, and other illegal activities,” the statement continued. GoDaddy provides hosting services to more than 20 million customers worldwide.
Conclusion
Leading web host GoDaddy has disclosed a security incident in which unidentified attackers gained access to its cPanel shared hosting environment. Over a protracted intrusion lasting several years, the attackers stole source code and installed malware on GoDaddy’s servers.
Although GoDaddy was alerted to the breach by customer reports in the first days of December 2022, the attackers had by then had access to the company’s network for several years. During that time they used compromised websites to redirect visitors to various unidentified domains. GoDaddy, one of the largest domain registrars in the world, provides hosting services to more than 20 million customers worldwide.