
thesyndrome How long have they known about this? Who was 'selectively targeted'? They need to provide more information, because 7 months is a REALLY LONG TIME to potentially have had a trojan on your device without knowing that a service you used might have been hijacked, and if they say the hackers had access to the server until December 2nd, then that means it's been at least 2 months that they have known about this breach and decided to only now tell people.
DS426 frantyk said: Who was 'selectively' targeted, have they shared the code used for this logic? Would be nice to know if it was at least country specific, as I have updated n++ since Aug last year!

So far, it appears no individuals or organizations have been publicly named. Also, no IoCs according to their statement at Notepad++. *EDIT* However, Rapid7 provided details on artifacts, including IoCs, in their technical write-up of their investigation. https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

That said, if the attribution of the threat actor is correct, we know what the targeted geographies and sectors are (even as this incident probably wouldn't run the full gamut of Lotus Blossom's target scope). "Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors."

Specific to this Notepad++ incident, Kevin Beaumont, a well-known security researcher, also investigated the incident and said his victim(s) were in East Asia and were in financial services and telecom industries.
DS426 thesyndrome said: How long have they known about this? Who was 'selectively targeted'? They need to provide more information, because 7 months is a REALLY LONG TIME to potentially have had a trojan on your device without knowing that a service you used might have been hijacked, and if they say the hackers had access to the server until December 2nd, then that means it's been at least 2 months that they have known about this breach and decided to only now tell people.

Read above for the "who". It appears to me that Notepad++ learned about it on December 9, 2025 as reported to them by security researchers. https://notepad-plus-plus.org/news/v889-released/

State-sponsored espionage attacks tend to have long dwell times, yes. It's not uncommon to find instances where these incidents went back over a year.