- ITDM 2025 전망 | 금융 플랫폼 성패, 지속가능한 사업 가치 창출에 달렸다” KB국민카드 이호준 그룹장
- “고객경험 개선하고 비용은 절감, AI 기반까지 마련” · · · AIA생명의 CCM 프로젝트 사례
- 2025年、CIOはAIに意欲的に投資する - そしてその先も
- The best robot vacuums for pet hair of 2024: Expert tested and reviewed
- These Sony headphones eased my XM5 envy with all-day comfort and plenty of bass
GoDaddy Announces Source Code Stolen and Malware Installed in Breach
Web hosting company GoDaddy has revealed that an unauthorized party gained access to its servers and installed malware, causing the intermittent redirection of customer websites.
“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog post on Thursday.
“Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”
GoDaddy added that working with law enforcement, the company has confirmed the attack was executed by a “sophisticated and organized group” targeting various hosting services.
“According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”
Brad Hong, customer success lead at Horizon3.ai, said that attackers did not “hack” their way into GoDaddy but instead used known compromised credentials to log in and leave vectors for reentry.
“This supposed multi-year advanced persistent threat actor group remained undetected for so long following remediation and mitigation measures from GoDaddy’s numerous past data breach incidents,” Hong told Infosecurity in an email.
“As standard, GoDaddy pushed the onus for action right back to its consumers, advising them to audit their own websites and trust GoDaddy’s security team after trust was broken, all while offering them free ‘website security deluxe and express malware removal’ services instead of fortifying their own kingdom time and time again. Maybe they should’ve used it themselves?”
GoDaddy shared more information about the breach in a 10-K form filed on Thursday with the US Securities and Exchange Commission (SEC).
The incident comes weeks after a malicious campaign targeting victims across the Middle East and North Africa was spotted using public cloud hosting services to host malicious CAB files and themed lures to spur Arabic speakers into opening infected files.