Lotus Blossom's Silent Infiltration: Targeted Cyber Attack on Notepad++
A Chinese-linked cyberespionage group named Lotus Blossom hijacked the update process of Notepad++ to target specific users. Gaining access in June 2025, they maintained control until December that year. The attack was highly selective, and cybersecurity experts highlight the group's history of targeting sectors in Southeast Asia and Central America.
A Chinese-associated cyberespionage group, known as Lotus Blossom, has infiltrated the widely-used code editor Notepad++ through its update process, according to both the software developer and cybersecurity researchers.
Don Ho, the developer behind Notepad++, revealed on the project's website that the attackers specifically targeted certain users starting in June 2025, exploiting server vulnerabilities. Active for six months, the cybercriminals had access until September, while holding onto some credentials until December.
Security firm Rapid7 attributes the operation to Lotus Blossom, a group with a history of targeting critical sectors across Southeast Asia and Central America since 2009. Attempts to reach Hostinger, the domain's recent host, and the Chinese Embassy for comments were unsuccessful.
(With inputs from agencies.)
Google News