Technology

80634 readers

6048 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

531

Notepad++ Hijacked by State-Sponsored Hackers (notepad-plus-plus.org)

submitted 4 days ago by Beep@lemmus.org to c/technology@lemmy.world

91 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Dindonmasker@sh.itjust.works 13 points 3 days ago (15 children)

I would like to know starting from wich version should i be concerned. I haven't updated in a while i think.

[–] MangoCats@feddit.it 11 points 3 days ago (13 children)

The timeline says the attack started in June of 2025 and continued through Dec 2, 2025. If you installed, updated, or silently updated during that period you may have been targeted / compromised.

[–] Snazz@lemmy.world 2 points 3 days ago (7 children)

What was the latest version before June 2025?

[–] pez@piefed.blahaj.zone 11 points 3 days ago (1 children)

Looks like 8.8.1 was May 2025 https://notepad-plus-plus.org/news/v881-we-are-with-ukraine/

8.8.2 was June 2025 and has a warning to ignore "false positives" of malware in the update.... Ouch. https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/

[–] AceBonobo@lemmy.world 3 points 3 days ago (1 children)

You might have version 8.8.1 or lower, however it might have tried to order update got the vulnerable package instead and then remained on the older version. I think even if you have the older version that's not a sign that you weren't compromised.

[–] pez@piefed.blahaj.zone 1 points 3 days ago (2 children)

Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it's also possible that the malicious payload was delivered without any update to notepad++.

I've not seen any IOCs published have you?

[–] floofloof@lemmy.ca 1 points 1 day ago* (last edited 1 day ago) (1 children)

There's some IOC information here:

https://securelist.com/notepad-supply-chain-attack/118708/

And here:

https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

[–] pez@piefed.blahaj.zone 2 points 1 day ago

Thanks!

[–] AceBonobo@lemmy.world 1 points 2 days ago (1 children)

I'm not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That's how the vulnerability was discovered.

[–] pez@piefed.blahaj.zone 1 points 2 days ago* (last edited 1 day ago)

I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.