Godaddy News: Hoster was a target of hackers for years

According to its own information, the Godaddy hosting platform has been the target of hacker attacks by the same group for years. They wanted to seize data and install malware on the servers.

What is Godaddy ?

The Godaddy web hosting platform is one of the largest of its kind. Now it comes to light that it has been the target of the same group of hackers for years – with the aim of stealing customer data and installing malware on the servers.

What came to light was the company itself. And it did so in a 10-K form filed with the U.S. Securities and Exchange Commission along with the company’s annual report.

There, Godaddy writes: “Based on our investigation, we believe these incidents are part of a multi-year campaign by an organized group of threat actors who, among other things, installed malware on our systems and obtained portions of code related to some services within Godaddy.”

Large-scale phishing campaigns

According to Godaddy, other web hosts were also targeted by the same group. With the attacks, these wanted to install malware to phishing campaigns on the servers. The data thus obtained is then used to gain access to sensitive information, for example.

However, it remains unclear which other hosters were also targeted.

Tasteless against phishing

Some time ago, Godaddy launched a campaign to prepare its own employees for phishing attacks. However, this had a very insipid aftertaste. In an email to employees, the company announced bonuses for employees at the end of 2020, the Corona year.

All they had to do for this, it said, was fill out a form behind a link. Joyfully, some employees did so and waited to receive their bonus in what was a difficult year economically.

Then, in a follow-up email a few days later, Godaddy told them that there were in fact no bonuses and that the email was just a test to see how well employees were equipped against phishing attempts.

Employees who had filled out the form were then required to retake the company’s “Security Awareness Social Engineering Training.”

Such training, as well as testing, is a sensible thing in itself. However, the timing and the promise of bonus payments put the whole action in a rather unpleasant light.