""likely a Chinese state-sponsored group""
""Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.""
"Kevin Beaumont noted that the victims he spoke with "are [organizations] with interests in East Asia.""
Notepad++ shared hosting servers were compromised from roughly June through December 2, 2025, enabling a supply-chain style attack. Traffic for certain targeted users was selectively redirected to attacker-controlled servers that served malicious update manifests. Redirected updates could be replaced with a malicious executable that may have given attackers remote access to a victim's keyboard. The campaign used highly selective targeting, with identified victims being organizations with interests in East Asia. The attackers were likely a Chinese state-sponsored group. No specific date was provided for when the compromise was first discovered by the app's team.
Read at The Verge
Unable to calculate read time
Collection
[
|
...
]