
Chinese Government-Linked Hackers Exploit Notepad++ Update System to Distribute Malware
Cyberattack, Malware, Government espionage, Software vulnerabilities
Hackers associated with the Chinese government used a compromised version of Notepad++ to distribute malware to targeted users. The update infrastructure hosted by an unidentified provider remained compromised until September 2nd. The attackers retained access credentials to internal services until December 2nd, allowing them to continue redirecting selected update traffic to malicious servers. The hackers specifically targeted the Notepad++ domain to exploit insufficient update verification controls present in older versions. Event logs indicate an unsuccessful re-exploitation attempt after the vulnerability was patched. Users must use at minimum version 8.9.1.