The Washington Newsday
Technology

    Notepad++ Breach Exposes Fragility of Open-Source Update Chains

By Daniel Cooper, 02/02/2026, 5 Mins Read

    The discovery that a routine software update can quietly become an espionage tool has once again unsettled the technology world. In early February 2026, the maintainers of Notepad++, one of the most widely used open-source text editors, confirmed that its update mechanism had been covertly hijacked for months in 2025, enabling suspected Chinese state-linked hackers to deliver malicious updates to carefully selected targets.

    The disclosure, made publicly on February 2, 2026 by Notepad++ creator Don Ho, reframed what initially appeared to be an isolated technical anomaly into a case study in modern supply-chain compromise. Rather than corrupting the application’s source code or infecting its entire user base, attackers manipulated the project’s update infrastructure to single out organizations of strategic interest — a tactic that underscores how quietly and precisely contemporary cyber-espionage now operates.

    A selective attack hiding in plain sight

    Investigations by independent researchers and security firms revealed that the intrusion began as early as June 2025 and persisted until early December. The attackers did not breach the Notepad++ code repository. Instead, they gained access to a shared hosting server used to manage update requests for notepad-plus-plus.org. From there, they were able to intercept and reroute update traffic from certain users to attacker-controlled servers.

    This “on-path” technique allowed the hackers to serve manipulated update manifests and malicious payloads without alerting the broader user base. The vast majority of Notepad++ users were never touched. According to the project’s maintainers, the campaign was deliberately narrow and highly selective.

Multiple security researchers assessing the activity concluded that the attackers were likely a Chinese state-sponsored group. Analysts linked the operation to Lotus Blossom, a long-running Chinese espionage actor also known by the aliases Raspberry Typhoon, Billbug and Spring Dragon. The group’s operational behaviour — limited victim numbers, careful targeting and stealthy persistence — aligned closely with previous campaigns attributed to it.

    Those affected were not random individuals. Victims were primarily organizations with interests in East Asia, including entities in government, telecommunications, aviation, critical infrastructure and media. Security researcher Kevin Beaumont, who helped surface the breach, reported that only a small number of victims had been identified and that they experienced hands-on-keyboard reconnaissance activity beginning roughly two months before the intrusion was uncovered.

    The attackers’ access was briefly disrupted in early September 2025 when the hosting provider updated the compromised server’s kernel and firmware. However, by that point, the intruders had already harvested internal service credentials. Using those credentials, they maintained the ability to redirect update traffic until December 2, 2025, when the provider finally detected the intrusion and terminated all malicious access.

    Malware delivery without code tampering

    A technical analysis by Rapid7 shed further light on how the attack functioned at the endpoint level. The firm confirmed that the group deployed a previously undocumented custom backdoor, which it named Chrysalis. While investigators found no definitive indicators of compromise in server logs, a suspicious execution chain repeatedly appeared on victim systems.

    Specifically, the normal execution of notepad++.exe and its updater component GUP.exe was followed by the launch of an unexpected process named update.exe. This sequence suggested that malicious payloads were being introduced through the update channel itself rather than through separate infection vectors.

    The incident places Notepad++ alongside a growing list of supply-chain attacks that prioritise precision over scale. The most notorious example remains the 2019–2020 SolarWinds breach, in which Russian government hackers inserted a backdoor into legitimate software updates distributed to Fortune 500 companies and U.S. government agencies. Another parallel is the 2018 ShadowHammer campaign, where ASUS’s update infrastructure was compromised: hundreds of thousands of users received tainted updates, but only a few hundred specific machines were of interest to the attackers.

    In the Notepad++ case, the approach was even more restrained. Malicious updates were never intended for mass distribution, making detection significantly harder and allowing the campaign to persist for months without public awareness.

    In response, the Notepad++ team undertook a rapid overhaul of its infrastructure. The project migrated its website and update systems to a new hosting provider and rotated all potentially compromised credentials. Beginning with version 8.8.9, released in December 2025, the WinGUp updater now verifies installer certificates and digital signatures, and the update XML file is cryptographically signed. Mandatory certificate signature verification is scheduled to be enforced in version 8.9.2, expected to be released in the coming month.
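To make the fix described above concrete, here is an added example (written for this article, not code from the Notepad++ project or its WinGUp updater) of what a signed update manifest buys a client sitting behind an on-path attacker. It assumes a pinned Ed25519 public key and a constructed line-oriented manifest format; the real Notepad++ update XML and its certificate-based checks differ. The signature is checked over the raw bytes before anything in the manifest is parsed, and the installer is then bound to the hash the signed manifest promised, so both a rewritten manifest and a swapped installer are rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned key")
	ErrMalformed    = errors.New("manifest is malformed")
	ErrHashMismatch = errors.New("installer hash does not match the signed manifest")
)

// Manifest carries what an updater needs: where the installer lives and what it
// must hash to. The field set and the key=value encoding below are constructed
// for this example; they are not the Notepad++ XML format.
type Manifest struct {
	Version string
	URL     string
	SHA256  string
}

func parseManifest(body string) (Manifest, error) {
	var m Manifest
	for _, line := range strings.Split(strings.TrimSpace(body), "\n") {
		k, v, ok := strings.Cut(line, "=")
		if !ok {
			return Manifest{}, ErrMalformed
		}
		switch k {
		case "version":
			m.Version = v
		case "url":
			m.URL = v
		case "sha256":
			m.SHA256 = strings.ToLower(v)
		}
	}
	if m.URL == "" || len(m.SHA256) != 64 {
		return Manifest{}, ErrMalformed
	}
	return m, nil
}

// VerifyManifest checks the detached Ed25519 signature over the raw manifest
// bytes before anything in the manifest is parsed or acted on, so a manifest
// rewritten in transit is rejected outright.
func VerifyManifest(pinned ed25519.PublicKey, body, sig []byte) (Manifest, error) {
	if !ed25519.Verify(pinned, body, sig) {
		return Manifest{}, ErrBadSignature
	}
	return parseManifest(string(body))
}

// CheckInstaller binds the downloaded bytes to the hash the signed manifest promised.
func CheckInstaller(m Manifest, installer []byte) error {
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrHashMismatch
	}
	return nil
}

// Simulate plays three rounds: a genuine update, a manifest whose URL was
// rewritten on the path, and an intact manifest paired with a swapped installer.
func Simulate() (genuineErr, tamperedErr, swappedErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stand-in for the project's pinned key
	if err != nil {
		panic(err)
	}
	installer := []byte("constructed installer bytes") // constructed sample payload
	sum := sha256.Sum256(installer)
	body := []byte(fmt.Sprintf(
		"version=8.8.9\nurl=https://updates.example.invalid/npp-installer.exe\nsha256=%x\n", sum))
	sig := ed25519.Sign(priv, body)

	if m, err := VerifyManifest(pub, body, sig); err != nil {
		genuineErr = err
	} else {
		genuineErr = CheckInstaller(m, installer)
	}

	// An on-path attacker can rewrite the URL but cannot produce a valid signature.
	tampered := bytes.ReplaceAll(body, []byte("updates.example.invalid"), []byte("attacker.example.invalid"))
	_, tamperedErr = VerifyManifest(pub, tampered, sig)

	// Leaving the manifest intact and substituting the download fails the hash check.
	m, _ := VerifyManifest(pub, body, sig)
	swappedErr = CheckInstaller(m, []byte("something else entirely"))
	return
}

func main() {
	g, t, s := Simulate()
	fmt.Println("genuine update:", g)
	fmt.Println("tampered manifest:", t)
	fmt.Println("swapped installer:", s)
}
```

The order matters: verifying the signature first means the URL in an unsigned or altered manifest is never fetched, which is exactly the step the pre-8.8.9 update path lacked.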

    Users were strongly urged to upgrade immediately. Don Ho issued a public apology to those affected and recommended that users and administrators change SSH, FTP/SFTP and MySQL credentials, audit WordPress admin accounts, update plugins and themes, and enable automatic updates. Organizations were advised to look for suspicious outbound network activity from gup.exe, unexpected child processes spawned by the installer, and the presence of files such as update.exe or AutoUpdater.exe in temporary directories.
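The execution chain noted earlier (notepad++.exe, then GUP.exe, then an unexpected update.exe) and the three indicators listed in the paragraph above translate directly into endpoint detection logic. The following is an added example, not tooling from the Notepad++ project or any of the firms cited, that runs those checks over a few constructed JSON telemetry lines loosely modelled on process, file and network events. The allowlist of expected updater destinations (the project's own domain) and the event field names are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event is a simplified endpoint telemetry record; the shape is constructed for
// this example.
type Event struct {
	Type   string `json:"type"`   // "process", "file" or "network"
	Parent string `json:"parent"` // parent image path for process events
	Image  string `json:"image"`  // image path, or the file path for file events
	Dest   string `json:"dest"`   // destination host for network events
}

// File names the article lists as indicators, compared case-insensitively.
var suspiciousNames = map[string]bool{"update.exe": true, "autoupdater.exe": true}

// destAllowed is an assumed allowlist: the updater should only talk to the
// project's own domain.
func destAllowed(host string) bool {
	h := strings.ToLower(host)
	return h == "notepad-plus-plus.org" || strings.HasSuffix(h, ".notepad-plus-plus.org")
}

// baseName splits on either separator so Windows paths work on any host.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

func inTempDir(p string) bool {
	l := strings.ToLower(p)
	return strings.Contains(l, `\appdata\local\temp\`) || strings.Contains(l, `\windows\temp\`)
}

// Analyze applies the three checks to each JSON line and returns one finding per hit.
func Analyze(lines []string) []string {
	var findings []string
	for n, line := range lines {
		var ev Event
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			findings = append(findings, fmt.Sprintf("line %d: unparseable event: %v", n+1, err))
			continue
		}
		switch ev.Type {
		case "process":
			child := strings.ToLower(baseName(ev.Image))
			if strings.ToLower(baseName(ev.Parent)) == "gup.exe" && suspiciousNames[child] {
				findings = append(findings, fmt.Sprintf("line %d: GUP.exe spawned %s", n+1, child))
			}
		case "file":
			if suspiciousNames[strings.ToLower(baseName(ev.Image))] && inTempDir(ev.Image) {
				findings = append(findings, fmt.Sprintf("line %d: %s written to a temp directory", n+1, baseName(ev.Image)))
			}
		case "network":
			if strings.ToLower(baseName(ev.Image)) == "gup.exe" && !destAllowed(ev.Dest) {
				findings = append(findings, fmt.Sprintf("line %d: GUP.exe connected to non-allowlisted host %s", n+1, ev.Dest))
			}
		}
	}
	return findings
}

// SampleLines are constructed telemetry records: a benign installer launch and
// a benign updater connection are mixed in with three hits.
var SampleLines = []string{
	`{"type":"process","parent":"C:\\Program Files\\Notepad++\\updater\\GUP.exe","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"}`,
	`{"type":"process","parent":"C:\\Program Files\\Notepad++\\updater\\GUP.exe","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\npp-installer.exe"}`,
	`{"type":"file","image":"C:\\Windows\\Temp\\AutoUpdater.exe"}`,
	`{"type":"network","image":"C:\\Program Files\\Notepad++\\updater\\GUP.exe","dest":"notepad-plus-plus.org"}`,
	`{"type":"network","image":"C:\\Program Files\\Notepad++\\updater\\GUP.exe","dest":"198.51.100.23"}`,
	`{"type":"process","parent":"C:\\Windows\\explorer.exe","image":"C:\\Program Files\\Notepad++\\notepad++.exe"}`,
}

func main() {
	for _, f := range Analyze(SampleLines) {
		fmt.Println(f)
	}
}
```

The second sample line is deliberately not flagged: GUP.exe launching a downloaded installer from a temp directory is normal updater behaviour, so the rule keys on the specific file names the incident produced rather than on the parent-child relationship alone.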

    While multiple researchers and firms have attributed the attack to Chinese state-sponsored actors, developers acknowledged that cyber-attribution remains inherently uncertain, typically relying on targeting patterns, infrastructure reuse and operational behaviour rather than definitive proof.

    Even so, the broader implications are difficult to ignore. Notepad++ is free, open-source and widely trusted — a reminder that transparency alone does not eliminate risk. The episode has reinforced warnings that shared infrastructure and limited resources can leave even mature open-source projects exposed, turning trusted update channels into silent vectors for espionage.

    For software developers, enterprises and everyday users alike, the lesson is stark: in an era of targeted cyber operations, trust in software must now be paired with continuous verification.


    Daniel Cooper is a science and technology writer at The Washington Newsday, covering developments in science, space, artificial intelligence, and emerging technologies. He focuses on making complex topics clear and accessible to a broad audience.
