Tag: china
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windowsThreat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windowsHacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/notepad-supply-chain-attack-iocs-targets/
-
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack
Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
-
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
-
Notepad++ Attack Breakdown Reveals Sophisticated Malware and Actionable IoCs
A complex espionage campaign attributed to Chinese APT group Lotus Blossom, active since 2009. The investigation uncovered a sophisticated compromise of Notepad++ distribution infrastructure that delivered Chrysalis, a previously undocumented custom backdoor with extensive remote access capabilities. The attack chain began at IP address 95.179.213.0, where execution of notepad++.exe and GUP.exe preceded download of a…
-
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.The development comes shortly First seen…
-
Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor
The group targets telecoms, critical infrastructure – all the usual high-value orgs First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/notepad_hijacking_lotus_blossom/
-
NDSS 2025 Preventing Channel Depletion Via Universal and Enhanced Multi-Hop Payments
Tags: blockchain, china, computer, conference, framework, Internet, network, risk, software, technologySession 11A: Blockchain Security 2 Authors, Creators & Presenters: Anqi Tian (Institute of Software, Chinese Academy of Sciences; School of Computer Science and Technology, University of Chinese Academy of Sciences), Peifang Ni (Institute of Software, Chinese Academy of Sciences; Zhongguancun Laboratory, Beijing, P.R.China), Yingzi Gao (Institute of Software, Chinese Academy of Sciences; University of Chinese…
-
Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor’s hosting provider to redirect targeted users to malicious downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chinese-hackers-hijack-notepad-updates-6-months
-
Fast-Growing Chinese Crime Networks Launder 20% of Illicit Crypto: Chainalysis
The influence of Chinese money laundering networks has skyrocketed since 2020, with the operations now moving almost 20% of all illicit cryptocurrency being laundered last year, according to Chainalysis researchers. In 2025, they processed more than $16 billion, or about $44 million a day. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/fast-growing-chinese-crime-networks-launder-20-of-illicit-crypto-chainalysis/
-
Notepad++ users take note: It’s time to check if you’re hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/notepad-updater-was-compromised-for-6-months-in-supply-chain-attack/
-
China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-espionage-group-lotus-blossom-attacks-notepad/
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…
-
Notepad++ says Chinese government hackers hijacked its software updates for months
The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/02/notepad-says-chinese-government-hackers-hijacked-its-software-updates-for-months/
-
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. First seen on hackread.com Jump to article: hackread.com/notepad-updates-malware-hosting-breach/
-
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-update-feature-hijacked-by-chinese-state-hackers-for-months/
-
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/2025-notepad-supply-chain-compromise/
-
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/2025-notepad-supply-chain-compromise/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts have attributed the attack to a Chinese state-backed group based on the highly selective targeting and technical sophistication demonstrated throughout the incident. Attack Timeline and Scope The compromise began in…
-
Former Google Engineer Found Guilty of Stealing AI Secrets
Linwei Ding, a former Google engineer, has been found guilty of stealing trade secrets for China First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-google-engineer-guilty/
-
Ex-Googler nailed for stealing AI secrets for Chinese startups
Network access from China and side hustle as AI upstart CEO aroused suspicion First seen on theregister.com Jump to article: www.theregister.com/2026/01/30/google_engineer_convicted_ai_secrets_china/
-
Spionagegefahr: Verfassungsschutz warnt vor E-Autos aus China
E-Autos aus China könnten theoretisch ferngesteuert werden. Die technischen Risiken sind dokumentiert – doch auch Tesla sammelt massenhaft Daten. First seen on golem.de Jump to article: www.golem.de/news/spionagegefahr-verfassungsschutz-warnt-vor-e-autos-aus-china-2602-204851.html
-
NDSS 2025 Silence False Alarms
Tags: blockchain, china, conference, cyber, data, detection, finance, Internet, network, tool, vulnerabilitySession 11A: Blockchain Security 2 Authors, Creators & Presenters: Qiyang Song (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Heqing Huang (Institute of Information Engineering, Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of…
-
Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-jeffrey-epstein-had-a-personal-hacker-informant-claims/
-
U.S. convicts ex-Google engineer for sending AI tech data to China
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-convicts-ex-google-engineer-for-sending-ai-tech-data-to-china/
-
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…