Notepad++ 指控中國政府駭客數月來劫持軟體更新

Topics

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

Staff

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Notepad++ says Chinese government hackers hijacked its software updates for months

The developer of the popular open-source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025.

In a blog post published Monday, Notepad++ developer Don Ho said that the cyberattack was likely carried out by hackers associated with the Chinese government between June and December 2025, citing an analysis by security experts. Ho said this “would explain the highly selective targeting” seen during the campaign.

Ho did not say how many users were targeted or how many were compromised — if known — and did not respond to questions by the time of publication. (If we hear back, we will update.)

Notepad++ is one of the longest running open-source projects, spanning more than two decades, and it counts at least tens of millions of downloads to date, including by employees at organizations around the world.

According to Kevin Beaumont, a security researcher who first discovered the cyberattack and wrote up his findings in December, the hackers compromised a small number of organizations “with interests in East Asia” after someone unwittingly used a tainted version of the popular software. Beaumont said that the hackers were able to gain “hands-on” access to the computers of victims who were running hijacked versions of Notepad++.

Ho said that the “exact technical mechanism” of how the hackers broke into his servers remains under investigation, but provided some details as to how the attack went down.

In the blog, Ho said that Notepad++’s website was hosted on a shared hosting server. The attackers “specifically targeted” Notepad++’s web domain with the goal of exploiting a bug in the software to redirect some users to a malicious server run by the hackers. This allowed the hackers to deliver malicious updates to certain users who had requested a software update, until the bug was fixed in November and the hackers’ access was terminated in early December.

“We do have logs indicating that the bad actor tried to re-exploit one of the fixed vulnerabilities; however, the attempt did not succeed after the fix was implemented,” wrote Ho.

Ho apologized for the incident, and urged users to download the most recent version of his software, which contains a fix for the bug.

The cyberattack targeting Notepad++ users is somewhat reminiscent of the 2019-2020 cyberattack affecting customers of SolarWinds, a software company that makes IT and network management tools for large Fortune 500 organizations, including government departments. Russian government hackers broke into the company’s servers and secretly planted a backdoor in its software, allowing the Russian spies to access data on those customers’ networks once the update had rolled out.

The SolarWinds breach affected several government agencies, including Homeland Security and the Departments of Commerce, Energy, Justice, and State.