Nation-State Actors Exploit Notepad++ Supply Chain
ID: 594b253a-5ef9-50a4-ace8-b7eb9f5050d5
STIX ID: report--594b253a-5ef9-50a4-ace8-b7eb9f5050d5
Feed Name: Palo Alto Networks Unit 42
**Executive summary:** Between June and December 2025, a state-sponsored group known as Lotus Blossom compromised Notepad++'s update infrastructure to selectively serve malicious update manifests to high-value targets (notably system administrators) across multiple regions and sectors. The compromise resulted in delivery of the Chrysalis backdoor (via Bitdefender DLL sideloading) and Cobalt Strike beacons (via malicious Lua scripts). The report provides IoCs, detection queries, timelines, and remediation guidance.
