Web hosting platform GoDaddy has revealed that, in a multi-year intrusion, cyber-criminals gained access to its systems, installed malware on its network and stole parts of its source code.
The company said that, to further investigate the issue, it is working with multiple law enforcement agencies around the world, in addition to forensics experts.
GoDaddy Targeted by Cyber Criminals
The company said in a statement: “We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organised group targeting hosting services like GoDaddy”.
The hackers’ goal was to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities. GoDaddy revealed in a US Securities and Exchange Commission (SEC) filing that it believes the hackers are the same group that it found inside the company’s networks in March 2020.
GoDaddy became aware of the intrusion in December 2022, when it started receiving a small number of customer complaints about their websites being intermittently redirected.
Upon receiving these complaints, it investigated and found that the intermittent redirects were happening on seemingly random websites hosted on its “cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website”.
GoDaddy Takes Lessons from This Attack
After confirming the intrusion, GoDaddy remediated the situation and implemented security measures in an effort to prevent future infections.
It said: “We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data”.
In November 2021, the global web hosting platform GoDaddy revealed that the sensitive information of nearly 1.2 million of its WordPress customers had been compromised. GoDaddy warned users that this exposure can put them at greater risk of phishing attacks.