Notepad ++

Inchs · Tuesday at 2:55 PM

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets - Help Net Security

Researchers have attributed the recent Notepad++ supply chain attack to Lotus Blossom, a Chinese state-sponsored group.

www.helpnetsecurity.com

If you have notepad pp it'd be a good idea to run a hash check against all of your drives to see if you get any hits, major exploit

Eistee von Aldi · Tuesday at 3:00 PM

This would only affect people who installed in that specific time period or updaters (who tf updates notepad except for Creepis probably)

Inchs · Tuesday at 3:01 PM

Eistee von Aldi said:
This would only affect people who installed in that specific time period or updaters (who tf updates notepad except for Creepis probably)

Nope, they can/did push auto updates from the server, if you had notepad++ at any point run the hash check

The newest update, 8.9 fixed the auto update, but you system could still be infected

Nakos · Tuesday at 3:19 PM

Traffic from certain targeted users was selectively redirected to attacker-controlled malicious update manifests.

source
Absolutely follow Inchs' advice here, just some important context that according to the developers the attack was targeted and did not affect all users.

Clarky · Tuesday at 3:21 PM

Eistee von Aldi said:
This would only affect people who installed in that specific time period or updaters (who tf updates notepad except for Creepis probably)

Why are we shaming people for updating software ?

Inchs · Tuesday at 3:21 PM

Nakos said:
source
Absolutely follow Inchs' advice here, just some important context that according to the developers the attack was targeted and did not affect all users.

Currently no indication on what was a target though so best to be safe

thehomelessdude · Tuesday at 3:33 PM

How do I run a hash check chat

Inchs said:
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets - Help Net Security

Researchers have attributed the recent Notepad++ supply chain attack to Lotus Blossom, a Chinese state-sponsored group.

www.helpnetsecurity.com

If you have notepad pp it'd be a good idea to run a hash check against all of your drives to see if you get any hits, major exploit

Inchs · Tuesday at 3:44 PM

thehomelessdude said:
How do I run a hash check chat

There are programs you can run to do it, then just check the known malicious hashes against it

Inchs · Tuesday at 4:31 PM

After looking into it further to verify, you just needed to run notepad pp during this time period to have been exposed

The C2 server is offline so it is likely it is currently being exploited but still check your system

Notepad ++

Similar threads