
First Research with IOCs on the Notepad++ Hack Released
Tags: cybersecurity, APT, Lotus_Blossom, Notepad++, backdoor, Chrysalis, threat_intelligence, supply_chain_attack, Southeast_Asia, Central_America
Rapid7 Labs and its MDR team have identified a sophisticated campaign attributed to the Chinese APT group Lotus Blossom, active since 2009. The investigation reveals a compromise of the infrastructure hosting Notepad++, used to distribute a previously unseen custom backdoor named Chrysalis. The group primarily targets organizations in Southeast Asia and Central America, focusing on government, telecommunications, aviation, critical infrastructure, and media sectors.