top | item 46851932

(no title)

tragiclos | 28 days ago

> Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.

I'd be curious to know if there was any pattern as to which users were targeted, but the post doesn't go into any further detail except to say it was likely a Chinese state-sponsored group.

discuss

buggymaaan|28 days ago

I dont know who hacked the servers nor I do know how to find out. Let's blame state actors, who's going to come verify these claims.

tragiclos|26 days ago

This article going into more detail on those targeted was posted later:

https://securelist.com/notepad-supply-chain-attack/118708/

x_may|28 days ago

It might have been explicitly targeted, but they did say that there were older versions of Notepad ++ with ""insufficient update verification controls" so it might have just been there was only one subset of users actually susceptible to this.

pavon|28 days ago

No, the additional update verification was added after this attack was discovered. All Notepad++ installations were vulnerable during the time of the hijacking campaign.

NedF|27 days ago

[deleted]

IhateAI|27 days ago

My guess would be certain IPs associated with universities, corporations and government institutions.