zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. simlev+S1[view] [source] 2026-02-02 02:18:44
>>myster+(OP)
Probably related to this: https://notepad-plus-plus.org/news/v869-about-taiwan/
◧◩
2. icelan+72[view] [source] 2026-02-02 02:21:13
>>simlev+S1
Yeah, Notepad++ is known for political messaging in their updates. Taiwan, Ukraine, etc.
◧◩◪
3. lobito+N2[view] [source] 2026-02-02 02:27:28
>>icelan+72
Probably the real motive.
◧◩◪◨
4. chvid+Fb[view] [source] 2026-02-02 04:05:03
>>lobito+N2
“ The incident began from June 2025. Multiple independaent security researchers have assessed that the threat acotor is likely a Chinese state-sponsored group, which would explain the highly selective targeting obseved during the campaign.”

How do they know it was a Chinese group or even a state sponsored one?

◧◩◪◨⬒
5. uhx+nf[view] [source] 2026-02-02 04:45:03
>>chvid+Fb
By analyzing payloads / C2 address, etc...
◧◩◪◨⬒⬓
6. somena+xj[view] [source] 2026-02-02 05:28:51
>>uhx+nf
Yeah because a state level actor would be completely incapable of false attribution.
◧◩◪◨⬒⬓⬔
7. lukan+jE[view] [source] 2026-02-02 09:29:28
>>somena+xj
With enough effort, anything can be obfuscated. But effort costs money and also state level actors have limited funds and time and want to go home to their families ar some point and if the purpose was to get a message across (don't mess with china, otherwise face the consequences) there is no need to really hide the origin.
[go to top]