Hosting big GoDaddy says it suffered a breach the place unknown attackers have stolen supply code and put in malware on its servers after breaching its cPanel shared internet hosting surroundings in a multi-year assault.

Whereas GoDaddy found the safety breach following buyer studies in early December 2022 that their websites had been getting used to redirect to random domains, the attackers had entry to the corporate’s community for a number of years.

“Based mostly on our investigation, we consider these incidents are a part of a multi-year marketing campaign by a classy menace actor group that, amongst different issues, put in malware on our programs and obtained items of code associated to some providers inside GoDaddy,” the internet hosting agency mentioned in an SEC submitting.

The corporate says that earlier breaches disclosed in November 2021 and March 2020 are additionally linked to this multi-year marketing campaign.

The November 2021 incident led to a knowledge breach affecting 1.2 million Managed WordPress clients after attackers breached GoDaddy’s WordPress internet hosting surroundings utilizing a compromised password.

They gained entry to the e-mail addresses of all impacted clients, their WordPress Admin passwords, sFTP and database credentials, and SSL non-public keys of a subset of lively shoppers.

After the March 2020 breach, GoDaddy alerted 28,000 clients that an attacker used their internet hosting account credentials in October 2019 to hook up with their internet hosting account through SSH.

GoDaddy is now working with exterior cybersecurity forensics consultants and regulation enforcement companies worldwide as a part of an ongoing investigation into the foundation explanation for the breach.

Hyperlinks to assaults concentrating on different internet hosting firms

GoDaddy says it additionally discovered further proof linking the menace actors to a broader marketing campaign concentrating on different internet hosting firms worldwide over time.

“We’ve got proof, and regulation enforcement has confirmed, that this incident was carried out by a classy and arranged group concentrating on internet hosting providers like GoDaddy,” the internet hosting firm mentioned in a press release.

“In line with data we’ve got obtained, their obvious objective is to contaminate web sites and servers with malware for phishing campaigns, malware distribution and different malicious actions.”

GoDaddy is without doubt one of the largest area registrars, and it additionally supplies internet hosting providers to over 20 million clients worldwide.

A GoDaddy spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier as we speak

Replace February 17, 12:59 EST: Added extra information on breaches linked to the multi-year marketing campaign concentrating on GoDaddy and different internet hosting corporations.