The developer of Notepad++ said that hackers connected to the Chinese Communist Party (CCP) hijacked its software’s hosting platform and sent malicious updates to users.
The breach occurred between June and December last year.
In a blog post on Monday, Notepad++ developer Don Ho said that the perpetrators behind the cyber attack were likely associated with the CCP.
He said the hacking campaign was a “highly selective targeting” based on multiple analyses by security experts who examined the malware payloads and attack patterns.
“Rapid7, which investigated the incident, attributed the hacking to Lotus Blossom, a long-running espionage group known to work for China, and said the hacks targeted government, telecom, aviation, critical infrastructure, and media sectors,” according to TechCrunch.
Ho said that even after it cut off access to its servers, the perpetrators were able to redirect people to malicious servers.
They did so by exploiting the update verification process in older versions of the programme.
Notepad++ is a similar text editor to Microsoft’s and has been in operation for more than two decades.
It is popular among the computer programming community globally for its extra features.
The security was strengthened in December last year to block further attacks.
The Notepad++ website is now on a new hosting platform with stronger security practices.
The cyber attack came amid the artificial intelligence tech race.
U.S. lawmakers have repeatedly cited national security concerns posed by foreign adversaries, including the CCP and DeepSeek, the AI company based in Hangzhou, China.
John Moolenaar, Chairman of the Select Committee on the CCP said, “One example—DeepSeek, which used to steal U.S. models to advance its own platform—now linked to censorship, propaganda and military use. “
