Business News Tech Tech & Internet Popular open-source coding application targeted in Chinese-linked supply-chain attack Popular open-source coding application targeted in Chinese-linked supply-chain attack Reuters Last Updated: Feb 08, 2026, 05:14:00 PM IST Follow us Font Size Abc Small Abc Medium Abc Large Save Print Synopsis Don Ho, the French-based developer of Notepad++, said in a blog posted to the project's website on ‌Monday that malicious actors had ‌targeted the update process for certain targeted users beginning in June 2025. The hackers had access to the hosting server used for Notepad++ updates until September ‌2, 2025, but maintained credentials to some hosting services until December 2, 2025, according to Ho. A Chinese-linked cyberespionage group with a long history hijacked ⁠the update process for the popular code editing platform Notepad++ to deliver a custom backdoor and other malware to targeted users, the program's developer and cybersecurity researchers said on Monday. Don Ho, the French-based developer of Notepad++, said in a blog posted to the project's website on ‌Monday that malicious actors had ‌targeted the update process for certain targeted users beginning in June 2025. The hackers had access to the hosting server used for Notepad++ updates until September ‌2, 2025, but maintained credentials to some hosting services until December 2, 2025, according to Ho. It was not clear which Notepad++ users were targeted, or how many. Ho said in an email that he did not have visibility into how many malicious updates were downloaded. "What I do know from the investigation is that the attack was highly selective - not all users during ​the compromise window received malicious updates, indicating deliberate targeting rather than widespread distribution," Ho ​said. A spokesperson for the Cybersecurity and Infrastructure Security Agency said the agency "is aware of the reported compromise and ‌is investigating possible ‍exposure across the United States Government (USG)." Ho's blog included a message from his hosting provider concluding that ‍the server used to deliver updates to customers "could have been compromised," and ‌that the hackers specifically targeted the domain associated with Notepad++. Internet registration records show that the domain was hosted by Lithuanian hosting provider Hostinger until January 21, a fact Ho confirmed in the email. A spokesperson for Hostinger told Reuters in an email that a "bad actor performed a supply chain attack, during which traffic to the URL of the update file was redirected." Hostinger is working with Notepad++ and sharing all incident-related information, and has also published a blog to the company's website sharing what it can, the spokesperson said. Cybersecurity firm Rapid7 attributed the hacking campaign to a ‍Chinese-linked cyberespionage group tracked as Lotus Blossom in a blog post posted on Monday. Active since 2009, the group has historically targeted government, telecom, aviation, critical infrastructure and media sectors across Southeast Asia and, ‍more recently, Central ⁠America, according to Rapid7. A spokesperson ⁠for the Chinese Embassy in Washington said: "China opposes and fights all forms of hacking in accordance with the law. We do not encourage, support or connive at cyber attacks. We reject the relevant parties' irresponsible assertion that the Chinese government sponsored hacking activity when it had not presented any factual evidence." The hacking group used its access to deliver a custom backdoor that could give it interactive control of infected computers, which could then be used as a foothold to steal data and target other computers, according to the analysis. Kevin Beaumont, a cybersecurity researcher, said in a December 2, 2025, blog post that he was aware of three organizations with interests in East Asia which had security incidents potentially tied to Notepad++. Add as a Reliable and Trusted News Source Add Now! (Catch all the Technology News News , and Latest News Updates on The Economic Times .) ...more Elevate your knowledge and leadership skills at a cost cheaper than your daily tea. How the ‘barbaric relic’ turned boon for millions of SMEs in India Saurabh Mukherjea’s long walk through the quality cycle Faceless I-T appeal system erupts as senior officers want reviews sans rulebook Metals are hot. Why Maruti, M&M, Tata aren’t raising prices then? Stock Radar: 15% rally in a month! Why Syrma SGS is back on bullish radar, Rajesh Palviya explains These large-caps have ‘strong buy’ & ‘buy’ recos and an upside potential of up to 25% Liquor stocks: At the crossroads due to trade agreements? 5 liquor stocks with upside potential of up to 36% Weekly Top Picks: These stocks scored 10 on 10 on Stock Reports Plus Subscribe Now Now Playing