Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates


Pierluigi Paganini February 02, 2026

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level.

The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users.

“According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.” reads the advisory published by the software maintainers. “The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled servers that served malicious update manifests.”

The incident began in June 2025 and was linked by multiple researchers to a likely Chinese state-sponsored group, based on its highly selective targeting. The attackers held access to a shared hosting server until September 2, 2025, and then used internal credentials stolen during that access to redirect Notepad++ update traffic to malicious servers until December 2.

The hosting provider moved all affected customers to a new server, fixed the vulnerabilities that were abused, and rotated all credentials that may have been exposed.

After completing these actions, the provider reviewed system logs and confirmed there was no evidence of continued attacker access or malicious activity.

The security expert found the attack ended on November 10, 2025, while the hosting provider reported possible attacker access until December 2. Combining both assessments, the compromise likely lasted from June to December 2, 2025.

The maintainers apologized to affected users and moved the Notepad++ site to a more secure hosting provider. The updater was strengthened to verify installer certificates and signatures, with signed update data and stricter checks fully enforced in the upcoming v8.9.2 release.
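The hardening described above only works if the updater authenticates the update metadata with a key the hosting provider never holds, and then binds the downloaded installer to that metadata. The following Go program is an added example written for this article; it is not Notepad++ or WinGUp code, and its JSON manifest format, Ed25519 signature scheme, field names and sample bytes are all assumptions standing in for the project's real signed update data and certificate checks. It runs the honest update path, a forged manifest served after a hosting-level redirect, and a genuine manifest paired with a swapped installer, and shows which check stops each.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update manifest (assumed format, not the
// updater's real one): version, download URL and the installer's SHA-256.
type Manifest struct {
	Version string `json:"version"`
	URL     string `json:"url"`
	SHA256  string `json:"sha256"` // hex digest of the installer bytes
}

// SignedManifest is the serialized manifest plus a detached signature made
// with the publisher's long-term key, which lives on a build machine, never
// on the download host.
type SignedManifest struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against pinned publisher key")
	ErrHashMismatch = errors.New("installer digest does not match signed manifest")
)

// SignManifest is the publisher side of the scheme.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	payload, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyUpdate is the client side. pinnedPub is compiled into the updater;
// sm and installer are whatever the network returned, which after a
// redirect at the hosting provider may be entirely attacker-controlled.
func VerifyUpdate(pinnedPub ed25519.PublicKey, sm SignedManifest, installer []byte) (Manifest, error) {
	// Step 1: authenticate the manifest before trusting any field in it.
	if !ed25519.Verify(pinnedPub, sm.Payload, sm.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Payload, &m); err != nil {
		return Manifest{}, err
	}
	// Step 2: bind the downloaded bytes to the signed manifest.
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return Manifest{}, ErrHashMismatch
	}
	return m, nil
}

// Scenario exercises three deliveries and returns the client's verdict on
// each: a genuine update, a manifest forged by an attacker who controls the
// host, and a genuine manifest replayed with a swapped installer.
func Scenario() (honest, forged, swapped error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	// Constructed sample bytes standing in for the real installer.
	genuine := []byte("constructed genuine installer bytes")
	gsum := sha256.Sum256(genuine)
	signed, err := SignManifest(priv, Manifest{Version: "8.9.2", URL: "https://example.invalid/npp.exe", SHA256: hex.EncodeToString(gsum[:])})
	if err != nil {
		return err, err, err
	}
	_, honest = VerifyUpdate(pub, signed, genuine)

	// Attacker on the hijacked host signs with their own key: they have the
	// server, not the publisher's offline signing key.
	_, atkPriv, _ := ed25519.GenerateKey(rand.Reader)
	evil := []byte("constructed trojanised installer bytes")
	esum := sha256.Sum256(evil)
	evilSigned, _ := SignManifest(atkPriv, Manifest{Version: "8.9.2", URL: "https://example.invalid/npp.exe", SHA256: hex.EncodeToString(esum[:])})
	_, forged = VerifyUpdate(pub, evilSigned, evil)

	// Attacker replays the genuine signed manifest but swaps the binary.
	_, swapped = VerifyUpdate(pub, signed, evil)
	return honest, forged, swapped
}

func main() {
	h, f, s := Scenario()
	fmt.Println("honest update:", h)
	fmt.Println("forged manifest:", f)
	fmt.Println("swapped installer:", s)
}
```

The two checks are independent for a reason: the signature defeats a malicious manifest served from a compromised host, and the digest defeats a genuine manifest replayed in front of a tampered binary. Neither protects anything if the pinned public key is fetched from the same host that serves the updates.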

“The security expert’s analysis indicates the attack ceased on November 10, 2025, while the hosting provider’s statement shows potential attacker access until December 2, 2025.” concludes the advisory. “Based on both assessments, I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated.”





Source: https://securityaffairs.com/187531/security/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html