Notepad++ Update Infra compromised for 6 months
3 months ago
- #Notepad++
- #China-state hackers
- #cybersecurity
- Notepad++ infrastructure was compromised for six months by suspected China-state hackers.
- Attackers selectively delivered backdoored versions of the app to targeted users.
- The attack began in June and involved intercepting and redirecting update traffic.
- A custom backdoor named 'Chrysalis' was used, described as sophisticated and feature-rich.
- Attackers maintained access to internal services until December, despite partial remediation in September.
- Older versions of Notepad++ had insufficient update verification controls, which were exploited.