Because it's "free," lightweight, highly customizable through plugins, and brimming with professional-grade features, Notepad++ is a widely used text editor among developers and a coveted target for attackers.
Joe Silva, CEO at the runtime vulnerability management platform Spektion, contends that such popular, open-source projects are not truly free, especially in business environments. "At some point, enterprises have to understand that there's a cost to managing and securing open source software," he says.
The Notepad++ supply chain attack that ran undetected for six months represents a dangerous evolution in enterprise cybersecurity—one that exploits fundamental structural weaknesses in how organizations manage developer tools and third-party software dependencies.

The attack occurred when China-linked, state-sponsored attackers compromised the hosting infrastructure supporting Notepad++ and the program's update mechanism. Following that compromise, the attackers selectively targeted organizations with interests in East Asia. The operation ran from mid‑2025 until December 2, 2025, with malicious updates observed between late July and October. Over that period, the attackers used multiple infection chains to target a small set of victims, including individuals in Vietnam, El Salvador, and Australia; a government organization in the Philippines; a financial institution in El Salvador; and an IT services provider in Vietnam. In at least one chain, they deployed a custom backdoor dubbed Chrysalis, alongside more conventional payloads such as Cobalt Strike.
But the real story isn't just another nation-state compromise. This attack highlights how developer tools are a governance blind spot for organizations, ongoing weaknesses in the integrity of update mechanisms, the continued evolution of supply chain attacks, and, some contend, how enterprise security programs have structurally over-indexed on detection and response tools while leaving significant gaps in pre-attack vulnerability management.
The Attack: Infrastructure, Not Code
To execute the attack, the threat actors didn't compromise Notepad++'s source code or exploit a traditional software vulnerability in the product. Instead, they breached Hostinger, the former shared hosting provider for notepad-plus-plus.org, and executed a man-in-the-middle attack on update traffic.
The compromise exploited fundamental weaknesses in Notepad++'s WinGUp updater (gup.exe). Before version 8.8.9, the updater didn't verify certificates and signatures of downloaded installers—even though earlier versions had introduced code signing. When targeted users triggered updates, their traffic was redirected to attacker-controlled servers hosting malicious NSIS (Nullsoft Scriptable Install System) installers instead of legitimate updates.
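As an added illustration (not Notepad++'s or WinGUp's own code), the following Go program shows what the missing check amounts to. The publisher signs a small manifest that carries the installer's SHA-256 digest; the client runs nothing unless that manifest verifies under a public key pinned in the client and the downloaded bytes hash to the digest the manifest names. The manifest layout, the seed-derived keys and the installer byte strings are constructed for the example; the real WinGUp format and its XMLDSig signing differ in detail but rest on the same two checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a constructed update descriptor for this example; it is not the
// WinGUp/Notepad++ update format.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the installer bytes
}

// KeyPairFromLabel derives a deterministic ed25519 key pair so the example is
// reproducible. A real updater pins the publisher's public key in the client
// binary; the private key never leaves the publisher's signing environment.
func KeyPairFromLabel(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("example-seed-not-for-production:" + label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignManifest is the publisher side: hash the installer, put the digest in the
// manifest, and sign the serialized manifest.
func SignManifest(priv ed25519.PrivateKey, version string, installer []byte) (manifest, sig []byte) {
	sum := sha256.Sum256(installer)
	manifest, _ = json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:])})
	return manifest, ed25519.Sign(priv, manifest)
}

// VerifyUpdate is the client side. The installer may run only if (1) the manifest
// carries a valid signature from the pinned publisher key and (2) the downloaded
// bytes hash to the digest that signed manifest names. A party sitting in the
// download path can swap bytes, but cannot sign a new manifest without the key.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig, installer []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, manifest, sig) {
		return m, errors.New("manifest signature invalid: refusing update")
	}
	if err := json.Unmarshal(manifest, &m); err != nil {
		return m, fmt.Errorf("manifest malformed: %w", err)
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || len(want) != sha256.Size {
		return m, errors.New("manifest digest malformed: refusing update")
	}
	got := sha256.Sum256(installer)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return m, errors.New("installer digest mismatch: refusing update")
	}
	return m, nil
}

func main() {
	pub, priv := KeyPairFromLabel("publisher")
	// Constructed stand-ins for installer bytes; real installers are NSIS executables.
	legit := []byte("npp-legit-installer-bytes")
	evil := []byte("npp-installer-carrying-a-backdoor")

	manifest, sig := SignManifest(priv, "8.9.1", legit)

	// 1. Honest download: accepted.
	m, err := VerifyUpdate(pub, manifest, sig, legit)
	fmt.Println("legit:", m.Version, err)

	// 2. Installer swapped in transit, manifest untouched: digest mismatch.
	_, err = VerifyUpdate(pub, manifest, sig, evil)
	fmt.Println("swapped installer:", err)

	// 3. Attacker rewrites the manifest for the swapped installer and signs it
	//    with their own key: the pinned-key signature check fails first.
	_, attackerPriv := KeyPairFromLabel("attacker")
	forged, forgedSig := SignManifest(attackerPriv, "8.9.1", evil)
	_, err = VerifyUpdate(pub, forged, forgedSig, evil)
	fmt.Println("forged manifest:", err)
}
```

The order of the checks matters: the signature is verified before the manifest is parsed, so unsigned or attacker-signed bytes are never interpreted, and the digest comparison is constant-time so the client leaks nothing about how far a mismatched installer matched. Pinning the key inside the client is what removes the hosting provider from the trust chain; TLS to the download host alone would not have helped here, since the redirect happened at the host.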
Hostinger acknowledged that attackers specifically targeted the notepad-plus-plus.org domain rather than attempting to compromise all hosted clients, indicating targeted reconnaissance. The attackers maintained direct server access until September 2, 2025, when scheduled maintenance severed that connection—but they retained credentials to internal services until December 2, enabling continued traffic redirection.
Why Traditional Security Controls Failed
The attack succeeded by exploiting blind spots between enterprise security tools. Endpoint detection and response (EDR) tools, designed to detect malicious activity after execution, detected no suspicious activity when a trusted process—the legitimate GUP.exe updater—downloaded what appeared to be a normal update. "There was nothing overtly malicious happening until the payload deploys," Silva says.
Noelle Murata, a senior security engineer at the security services firm Xcape, Inc., says detection gaps persist despite years of efforts to secure the digital supply chain. "Because organizations inherently trust updates as legitimate administrative actions, and since updaters legitimately require the same high-privilege behaviors - network access, file writes, process spawning - that attackers exploit, malicious activity blends seamlessly with normal maintenance."
Silva adds that even when the attack escalated to Cobalt Strike beacons and DLL side-loading techniques, detection was delayed. "By the time the EDR tools detect Cobalt Strike, the attackers already executed code on the system. They've maybe got developer credentials. They've maybe moved laterally," he says.
"What made this attack durable wasn't a lack of telemetry," adds Vishal Agarwal, CTO at cloud security and vulnerability remediation platform Averlon. "It was the inability to connect signals across the attack chain. These gaps persist because teams still look for isolated malware indicators, rather than reasoning about how access chains continue and what must be constrained," he says.
Security researcher Kevin Beaumont identified anomalous behavior in December 2025, prompting a deeper investigation by security firms. Rapid7 attributed the attack to Lotus Blossom (also known as Billbug), a Chinese APT group known for espionage targeting Southeast Asia.
The Developer Tools Governance Gap
The attack highlights what the security executive calls "structural problems in enterprise security programs"—particularly around developer tools that exist in a policy vacuum. "Organizations lack centralized inventories of developer tools installed ad hoc by users, allowing vulnerable versions to persist unpatched across networks for months," says Murata.
"Developer tools are among the hardest to deal with in any enterprise security program," adds Silva. "You'll have a desktop team that typically maintains the Windows image or Mac image, and then you have a whole bunch of third-party tools in what we like to think is a shared responsibility model between IT and the individual engineer, but it's not really, because the engineer isn't thinking of it that way. They're updating for functionality, not security," he says.
His firm's telemetry shows that most enterprise customers run more than 20 versions of Notepad++ simultaneously—evidence of what he calls "totally heterogeneous management structure, even intra-organization".
"For high-privilege developer tools, relying on voluntary upgrades becomes unacceptable once a compromised update path can continue executing across an environment faster than security teams can respond," Agarwal says, adding that "enterprises need to stop treating developer machines as trusted control points and redesign so endpoints cannot directly complete high-impact actions. In practice, developer machines should act as untrusted clients, with production access mediated through a separate, brokered identity."
Enterprise Defense Strategies
Enterprise security leaders say the Notepad++ incident should be a forcing function, not just another supply chain attack postmortem. The successful breach of targeted enterprises didn't hinge on an exotic zero‑day, but on everyday realities of how developer laptops and tools are deployed, updated, and monitored inside large organizations. In most shops, IDEs, editors, CLIs, debuggers, and build utilities slip through the cracks: they're business‑critical, highly privileged, and widely trusted, yet rarely subject to the same rigor applied to EDR rollouts or identity governance. When that class of tooling becomes a delivery vehicle for nation-state tradecraft, the traditional "detect and respond faster" playbook simply isn't enough.
Silva argues that defenders need to rebalance from endpoint detection and response tools toward structural controls that make it harder for attackers leveraging compromised tools to move laterally or reach production in the first place. "As an industry, we're way over-indexed on detection and response tools that only catch malicious activity after it's already executing, and attackers are improving faster than those mechanisms can keep up," he says. Silva and other experts we spoke with recommend that organizations implement several structural changes to address supply chain risks in developer environments:
Centralized version control and patching: Desktop infrastructure teams must own patching of developer tools and maintain consistent version control across the organization. "If we expect the developers and engineering community to operate differently, that's never going to work," Silva says.
Runtime process monitoring: Enterprises should implement runtime process allow-listing on developer endpoints to detect anomalous behavior before attacks escalate. "You can't just be allowing people running 'whoami' and 'netstat' commands from a developer tool," he says.
Segmented developer environments: Developer machines cannot maintain persistent access to production infrastructure. "The machine where a developer writes code cannot be the same machine that has persistent access to production infrastructure or a pipeline," he says.
Application-level network controls: Organizations must control outbound network access on a per-application basis, not just per identity, because developers run multiple tools under a single identity.
Industry collaboration: The executive advocates for an ISAC-style information sharing organization specifically for developer tools, similar to existing vertical industry ISACs but focused on tool compromise signals.
Agarwal agrees, "Industry Information Sharing and Analysis Centers (ISACs) must evolve beyond static IoC sharing to disseminate behavioral anomalies rapidly. When one financial institution detects a text editor spawning command shells, that signature should instantly reach telecommunications and government sectors targeted by the same actors."
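As an added example (constructed here, not from any of the firms quoted), the following Go program applies the kind of per-tool allow-list the experts describe to a handful of Sysmon-style process-creation records: a text editor or its updater starting anything other than its expected children is flagged, and command shells or recon utilities such as whoami and netstat are escalated. The event layout, the allow-list entries, the installer file name and the sample paths are assumptions made for the example; notepad++.exe launching gup.exe is the editor's update path named in the article.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ProcessEvent is a constructed, Sysmon-like process-creation record. A real
// Sysmon Event ID 1 carries many more fields; only these matter for the check.
type ProcessEvent struct {
	ParentImage string `json:"ParentImage"`
	Image       string `json:"Image"`
	CommandLine string `json:"CommandLine"`
}

// Finding is one policy violation.
type Finding struct {
	Severity, Parent, Child, Reason string
}

// allowedChildren is the per-tool allow-list: the children each monitored
// developer tool is expected to spawn. notepad++.exe starting gup.exe is the
// editor's own update path; the installer name is a constructed placeholder,
// not a vendor-documented process tree.
var allowedChildren = map[string]map[string]bool{
	"notepad++.exe": {"gup.exe": true},
	"gup.exe":       {"npp-update-installer.exe": true},
}

// shellsAndRecon lists children a text editor or its updater has no business
// starting; these are escalated to high severity rather than merely "unexpected".
var shellsAndRecon = map[string]bool{
	"cmd.exe": true, "powershell.exe": true, "whoami.exe": true, "netstat.exe": true,
}

// baseName returns the lower-cased file name of a Windows or POSIX path, so
// case and directory differences cannot slip past the allow-list.
func baseName(p string) string {
	return strings.ToLower(p[strings.LastIndexAny(p, `\/`)+1:])
}

// ParseEvents reads one JSON object per line.
func ParseEvents(jsonl string) ([]ProcessEvent, error) {
	var out []ProcessEvent
	for _, line := range strings.Split(strings.TrimSpace(jsonl), "\n") {
		var ev ProcessEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("bad event %q: %w", line, err)
		}
		out = append(out, ev)
	}
	return out, nil
}

// Evaluate flags every child of a monitored tool that is not on that tool's
// allow-list. Parents outside the policy are ignored.
func Evaluate(events []ProcessEvent) []Finding {
	var findings []Finding
	for _, ev := range events {
		parent, child := baseName(ev.ParentImage), baseName(ev.Image)
		allowed, monitored := allowedChildren[parent]
		if !monitored || allowed[child] {
			continue
		}
		f := Finding{Severity: "medium", Parent: parent, Child: child,
			Reason: "child not on allow-list: " + ev.CommandLine}
		if shellsAndRecon[child] {
			f.Severity = "high"
			f.Reason = "shell or recon utility spawned by developer tool: " + ev.CommandLine
		}
		findings = append(findings, f)
	}
	return findings
}

// sampleLog is constructed telemetry for the example, not a capture from the incident.
const sampleLog = `
{"ParentImage":"C:\\Program Files\\Notepad++\\notepad++.exe","Image":"C:\\Program Files\\Notepad++\\updater\\gup.exe","CommandLine":"gup.exe"}
{"ParentImage":"C:\\Program Files\\Notepad++\\updater\\gup.exe","Image":"C:\\Users\\dev\\AppData\\Local\\Temp\\npp-update-installer.exe","CommandLine":"npp-update-installer.exe"}
{"ParentImage":"C:\\Program Files\\Notepad++\\notepad++.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami"}
{"ParentImage":"C:\\Program Files\\Notepad++\\notepad++.exe","Image":"C:\\Windows\\System32\\NETSTAT.EXE","CommandLine":"netstat -an"}
{"ParentImage":"C:\\Program Files\\Notepad++\\updater\\gup.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe"}
{"ParentImage":"C:\\Program Files\\Notepad++\\notepad++.exe","Image":"C:\\Users\\dev\\AppData\\Local\\Temp\\helper.exe","CommandLine":"helper.exe"}
{"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Program Files\\Notepad++\\notepad++.exe","CommandLine":"notepad++.exe notes.txt"}
`

func main() {
	events, err := ParseEvents(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range Evaluate(events) {
		fmt.Printf("[%s] %s -> %s: %s\n", f.Severity, f.Parent, f.Child, f.Reason)
	}
}
```

Run against the constructed log, this yields four findings: three high (the editor spawning cmd.exe and netstat, the updater spawning powershell.exe) and one medium (an unlisted helper.exe launched from a temp directory). Matching on the lower-cased base name is deliberate, since the same binary shows up under different casing and paths; in production the allow-list would also pin the expected child's signer or hash, and the behavioral rule itself is the kind of signature Agarwal suggests ISACs share instead of static indicators.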
The Notepad++ developer has migrated to a new hosting provider and enhanced WinGUp to verify both certificates and signatures, with XML signing implemented via XMLDSig. All users should immediately update to version 8.9.1 or later and audit systems that attempted updates during the compromise window.