If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

GoDaddy hacked in sophisticated, multi-year attack

Started by Domaining News, Feb 22, 2023, 02:52 AM


Domaining News (Topic starter)

GoDaddy has revealed that the recent cyberattack directed towards its cPanel hosting servers is part of a bigger scheme against the company, potentially spanning several years.



The incident, which took place in December 2022, aimed to compromise hosting users by installing malware and redirecting their websites to malicious sites intermittently.

This is not the first attack perpetrated against GoDaddy; previous ones occurred in 2020 and 2021. According to GoDaddy, these incidents were orchestrated by a sophisticated threat actor group and involved malware installation, among other things. The company believes that these attacks have not resulted in any significant adverse effects on its business or operations, but GoDaddy acknowledges the ever-evolving nature of cyber threats and the increasing difficulty of detecting and defending against them.

GoDaddy confirmed that law enforcement agencies are working on this case, and it seems that the criminal organization responsible for the attacks is located outside the US. The ultimate goal of the group seems to be compromising websites and servers through malware distribution and phishing campaigns, among other malicious activities.


ipnesterov

GoDaddy, one of the world's biggest domain name registrars and hosters, reported yet another attack on its systems. The discovery prompted an investigation that found the company had suffered similar incidents several years prior. The attackers had unrestricted access to GoDaddy's servers, allowing them to install malware and steal the source code.

The breach first came to light in December 2022 after clients complained of random domain redirections. The probe revealed a "multi-year campaign" by sophisticated attackers who were able to infiltrate some of GoDaddy's services by installing malware. The same malware then redirected some customers' sites to malicious ones intermittently. Other incidents occurred in November 2021 and March 2020, and the company believes they are also linked to the group responsible for the latest attack.

In 2021, GoDaddy faced a data leak after 1.2 million WordPress-based sites were compromised. Meanwhile, in 2020, it informed 28,000 clients that attackers had logged into their hosting accounts using credentials and SSH. GoDaddy has evidence that this group of hackers is part of a bigger campaign aimed at hosting companies worldwide, and its apparent objective is to infect websites with malware for phishing campaigns and other malicious activities.

In response, GoDaddy has enlisted third-party security experts to help with the ongoing investigation while cooperating with law enforcement agencies to track down the attackers.

blazonbazaar

It was reported that GoDaddy, a popular internet domain registrar and web hosting company, had been hacked in a sophisticated, multi-year attack. The incident involved unauthorized access to customer accounts and the modification of DNS settings, which allowed the attackers to redirect domains to malicious websites.

The attackers were able to gain initial access by compromising the credentials of GoDaddy employees. They then used these credentials to access customer accounts and make changes to the DNS settings, essentially hijacking the affected domains. This type of attack is known as domain hijacking or DNS hijacking.

GoDaddy acknowledged the breach and stated that a small number of customer accounts had been impacted. They took immediate action to address the issue, including notifying affected customers and resetting their account credentials.

While the exact motive behind the attack is unclear, it is believed that the hackers aimed to carry out phishing campaigns, distribute malware, or engage in other fraudulent activities. Domain hijacking can be highly lucrative for attackers, as it allows them to gain control over legitimate websites and use them for malicious purposes.

This incident highlights the importance of strong security measures, such as multi-factor authentication and regular monitoring of DNS settings, for both individuals and organizations using GoDaddy's services. It also serves as a reminder to be cautious about providing sensitive information online and to regularly review and update account credentials to help mitigate the risk of unauthorized access.


