GoDaddy confirms sophisticated cyber attack on servers, leading to intermittent website redirections

On Thursday, web hosting provider GoDaddy announced that an unauthorized party had infiltrated its servers and inserted malware, resulting in the intermittent rerouting of client websites. In a blog post, the company stated that it received a small number of customer complaints about intermittent redirection in early December 2022. Following verification of the attack, GoDaddy took action to correct the situation and strengthen security in order to prevent further incidents. GoDaddy reported that the intrusion was carried out by a “sophisticated and organized” group targeting multiple hosting services and confirmed with law enforcement that the group’s objective was to implant websites and servers with malware for phishing attacks and other nefarious purposes.

According to Brad Hong, a customer success lead at Horizon3.ai, the attackers did not hack their way into GoDaddy but instead used known compromised credentials to gain entry and establish points for reentry. The company has urged its customers to check their own websites and rely on GoDaddy's security team, despite the trust breach, offering them free website security deluxe and express malware removal services. Meanwhile, GoDaddy filed a 10-K form with the US Securities and Exchange Commission (SEC), revealing more details about the breach. Recently, a malicious campaign targeted victims across the Middle East and North Africa, using public cloud hosting services to host malicious CAB files and themed lures to encourage Arabic speakers to open infected files.