GoDaddy employees were targeted with a social engineered, phishing campaign, in crypto-motivated attacks last week, leading them to give access to the domain Liquid.com and its account.
This latest campaign appears to have taken place around November 13, with an attack on cryptocurrency trading platform Liquid.com.
According to KrebsOnSecurity:
” … GoDaddy that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Kayamori said in a blog post.
“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam.
Liquid.com detailed the events of the incident in a corporate blog post, and you can read more details about the incident here.
Story kudos: Araf.
