A Quiet Breach of a Familiar Tool, Notepad++

For six months last year the update system of Notepad++, one of the world’s most widely used Windows text editors, was quietly subverted by hackers linked by investigators to the Chinese state. The attackers used their access not to disrupt the software openly, but to deliver malicious versions of it to carefully chosen targets. 
According to a statement published this week on the project’s official website, the intrusion began in June with an infrastructure-level compromise that allowed attackers to intercept and redirect update traffic meant for notepad-plus-plus.org. Selected users were silently diverted to rogue update servers and served backdoored versions of the application. Control over the update infrastructure was not fully restored until December. 
The developers said the attackers exploited weaknesses in how older versions of Notepad++ verified updates. By manipulating traffic between users and the update servers, they were able to replace legitimate downloads with malicious ones.
Although update packages were signed, earlier design choices meant those signatures were not always robustly checked, creating an opening for tampering by a well-resourced adversary.
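As an added illustration (not Notepad++'s code, and not a description of the project's actual updater), the following Go sketch contrasts an update check that skips verification when no signature arrives with one that fails closed against a publisher key pinned in the client; the keypair, payloads and the `Update` type are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the client fetched: installer bytes plus a detached Ed25519
// signature over sha256(Payload). Sig is empty if the server omitted it.
type Update struct {
	Payload []byte
	Sig     []byte
}

// weakAccept models the failure class the article describes (illustrative, not
// Notepad++'s code): a signature is checked only when present, so a redirected
// download that simply omits the signature is accepted.
func weakAccept(u Update, pub ed25519.PublicKey) bool {
	if len(u.Sig) == 0 {
		return true // nothing to check, so treated as fine
	}
	digest := sha256.Sum256(u.Payload)
	return ed25519.Verify(pub, digest[:], u.Sig)
}

// strictAccept fails closed: the payload is installed only if a well-formed
// signature is present and verifies under the key pinned into the client, which
// an intercepting server without the signing key cannot produce.
func strictAccept(u Update, pub ed25519.PublicKey) error {
	if len(u.Sig) != ed25519.SignatureSize {
		return errors.New("update rejected: signature missing or malformed")
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pub, digest[:], u.Sig) {
		return errors.New("update rejected: signature invalid under pinned key")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed publisher keypair
	genuine := Update{Payload: []byte("constructed genuine installer")}
	d := sha256.Sum256(genuine.Payload)
	genuine.Sig = ed25519.Sign(priv, d[:])
	rogue := Update{Payload: []byte("constructed tampered installer")} // unsigned
	fmt.Println(weakAccept(rogue, pub), strictAccept(rogue, pub), strictAccept(genuine, pub))
}
```

The weak path accepts the unsigned rogue payload while the strict path rejects it, and the strict path also rejects a genuine signature replayed over a different payload.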

Security researchers say the campaign was highly targeted. 

The attackers installed a previously unknown backdoor, dubbed Chrysalis, which Rapid7 described as a custom and feature-rich tool designed for persistent access rather than short-term disruption. Such sophistication suggests strategic objectives rather than criminal opportunism. 
Independent researcher Kevin Beaumont reported that several organisations with interests in East Asia experienced hands-on intrusions linked to compromised Notepad++ installations, indicating that attackers were able to take direct control of affected systems. 
He had raised concerns months earlier after a Notepad++ update quietly strengthened its updater against hijacking.

The episode underlines a broader vulnerability in the global software supply chain. Open-source tools such as Notepad++ are deeply embedded in corporate and government systems, yet are often maintained with limited resources. That imbalance makes them attractive targets for state-backed hackers seeking discreet access rather than noisy disruption. 

Notepad++ developers have urged users to update manually to the latest version and large organisations to consider restricting automated updates. The incident also serves as a reminder that even modest, familiar software can become a conduit for serious espionage when its infrastructure is neglected.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents