Hackers stole source code, installed malware in multi-year breach


Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company’s network for multiple years.

“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the hosting firm said in an SEC filing.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers after attackers breached GoDaddy’s WordPress hosting environment using a compromised password.

They gained access to the email addresses of all impacted customers, their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.

After the March 2020 breach, GoDaddy alerted 28,000 customers that an attacker used their web hosting account credentials in October 2019 to connect to their hosting account via SSH.

GoDaddy is now working with external cybersecurity forensics experts and law enforcement agencies worldwide as part of an ongoing investigation into the root cause of the breach.

Links to attacks targeting other hosting companies

GoDaddy says it also found additional evidence linking the threat actors to a broader campaign targeting other hosting companies worldwide over the years.

“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy,” the hosting company said in a statement.

“According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”

GoDaddy is one of the largest domain registrars, and it also provides hosting services to over 20 million customers worldwide.

A GoDaddy spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Update February 17, 12:59 EST: Added more info on breaches linked to the multi-year campaign targeting GoDaddy and other hosting companies.
