GoDaddy announced that a recent hacking incident that targeted its cPanel hosting servers is part of a “multi-year campaign” against the company.
The announcement provided details about the latest incident that took place in December 2022, targeting the services available to hosting users.
During the incident, an “unauthorized third party” installed malware and proceeded to intermittently redirect customers’ web sites to web sites hosting malicious content. Other such incidents took place in 2020 and again in 2021.
Said GoDaddy in a 10-K filing about the incident:
Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy. To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations, but such threats are constantly evolving, increasing the difficulty of detecting and successfully defending against them.
According to the GoDaddy press release on the hacking incident, GoDaddy has evidence confirmed by law enforcement, that this incident was carried out by a sophisticated and organized group targeting hosting services; their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.
GoDaddy refers to a “criminal organization” and its ongoing cooperation with “multiple law enforcement agencies around the world,” indicating that the criminal group is most likely located outside of the US.