- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- Change these 10 iOS settings right now to instantly get better iPhone battery life
- How to clear the cache on your Windows 11 PC (and why you shouldn't wait to do it)
- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
GoDaddy Announces Source Code Stolen and Malware Installed in Breach
Web hosting company GoDaddy has revealed that an unauthorized party gained access to its servers and installed malware, causing the intermittent redirection of customer websites.
“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog post on Thursday.
“Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”
GoDaddy added that working with law enforcement, the company has confirmed the attack was executed by a “sophisticated and organized group” targeting various hosting services.
“According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”
Brad Hong, customer success lead at Horizon3.ai, said that attackers did not “hack” their way into GoDaddy but instead used known compromised credentials to log in and leave vectors for reentry.
“This supposed multi-year advanced persistent threat actor group remained undetected for so long following remediation and mitigation measures from GoDaddy’s numerous past data breach incidents,” Hong told Infosecurity in an email.
“As standard, GoDaddy pushed the onus for action right back to its consumers, advising them to audit their own websites and trust GoDaddy’s security team after trust was broken, all while offering them free ‘website security deluxe and express malware removal’ services instead of fortifying their own kingdom time and time again. Maybe they should’ve used it themselves?”
GoDaddy shared more information about the breach in a 10-K form filed on Thursday with the US Securities and Exchange Commission (SEC).
The incident comes weeks after a malicious campaign targeting victims across the Middle East and North Africa was spotted using public cloud hosting services to host malicious CAB files and themed lures to spur Arabic speakers into opening infected files.
