The well-known software Notepad++ for code editing was compromised by a cyberespionage group associated with China. They exploited the software’s update system to distribute malware to specific users, as confirmed by the software developer and security experts.
According to Don Ho, the developer, the hackers infiltrated the server responsible for delivering software updates between June 2025 and early September 2025. Some credentials were still under the hackers’ control until December. The attack was targeted, meaning not all users who updated the software during that time frame received the malicious content.
The cybersecurity company Rapid7 has linked this hacking operation to a Chinese group known as Lotus Blossom, active since 2009, as reported by Reuters. It is suspected that the group introduced a tailored backdoor through the compromised updates, enabling them to take command of infected computers.
Hostinger, the hosting provider, reported that a “bad actor” executed a supply chain attack by redirecting traffic to the update file’s URL. A US cybersecurity agency is currently investigating the potential impact on various government entities in the United States.
The Chinese Embassy in Washington denied the accusations, asserting that China opposes all forms of hacking and demanding factual evidence to support the claims, as per Reuters.
The developer mentioned that the exact number of affected users is unknown. However, independent researchers have identified at least three organizations with connections to East Asia that might have been targeted in this incident.
