1. Incidents at GoDaddy

ircrp @ircrp1 · Mar 16: GoDaddy will have some explaining to do.

https://twitter.com/ircrp1/status/1371484819465592842?s=20

https://www.publish0x.com/ircrp/godaddy-allowed-popular-crypto-domains-takeover-xxodlze?a=M7e5yEPRe2&tid=tc

2. escrow.com

Attacks targeting GoDaddy employees? /escrow.com

31 Mar 20 Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/

KrebsOnSecurity 21 Nov 20

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/

/liquid.com

21 Nov 20 GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters. 
In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com.

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Mike Kayamori said in a blog post. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

3. nicehash.com

https://www.nicehash.com /nicehash.com

In the early morning hours of Nov. 18 Central European Time (CET), cryptocurrency mining service NiceHash discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site.

NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings.

4. history



MoinQ: DNS/乗取/GoDaddy (last edited 2021-03-21 08:50:26 by ToshinoriMaeno)