Posts

Showing posts from February, 2023

GoDaddy - A Multiyear Breach...

Can you believe we are at it again? Initially, I assumed that I would only post articles when I have the time (and that appeared to be a "once-a-month" gap), however looking at the number of breaches we are seeing, I'd say that we would be great at a monthly blog post, since it appears there is always a major story every month 🙈 So whats the deal with GoDaddy? Well... In short, threat actors ran and played long enough "inside" GoDaddy for nearly three years . At first, we assumed that it was just the same group that was responsible for an intrusion detected in March 2020, November 2021, and December 2022.  Although it sounds like different things went wrong each time, it was, in fact, the same group!! In the most recent breach, they found malware installed and parts of their code stolen. It's hard to say from the outside, but it would seem that GoDaddy attempted to remediate the breach, but clearly, they left something behind that allowed the attackers to m