Rekall Incorporated

Notepad++ users take note: It's time to check if you're hacked

Suspected China-state hackers used update infrastructure to deliver backdoored version.

Notepad++ users take note: It's time to check if you're hacked

Suspected China-state hackers used update infrastructure to deliver backdoored version.

Ars Technica
Feb 4 at 6:32amWeb
Show threadbreakingcupsFeb 4
If only they told us the IOC so the title can actually be followed up on
Show threadEgonallanonFeb 4

rapid7.com/…/tr-chrysalis-backdoor-dive-into-lotu…

Rapid 7 has some at the bottom of this article.

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7
Show threadbwazFeb 5
It would be nice if there were a test that yhose of us unskilled in pc jargon could run to check all this stuff. A lot of people likely hit by this are familiar with little more than clicking an icon.
Show threadKissakiFeb 5

Direct link to the indicators of compromise that you can check on

The update system hoster determined the compromise was only used against specific targets, so it’s relatively unlikely “normal people” would have been compromised. But if you want to check, you can check on those indicators. These only cover what was discovered on identified compromise, though.

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7