Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services.
The company attributed the campaign to a “sophisticated and organized group targeting hosting services.”
GoDaddy said in December 2022, it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to the unauthorized third party gaining access to servers hosted in its cPanel environment.
The threat actor “installed malware causing the intermittent redirection of customer websites,” the company said.
The ultimate objective of the intrusions, GoDaddy said, is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
In a related 10-K filing with the U.S. Securities and Exchange Commission (SEC), the company said the December 2022 incident is connected to two other security events it encountered in March 2020 and November 2021.
The 2020 breach entailed the compromise of hosting login credentials of about 28,000 hosting customers and a small number of its personnel.
Then in 2021, GoDaddy said a rogue actor used a compromised password to access a provisioning system in its legacy code base for Managed WordPress (MWP), affecting close to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.