THREAT OPS › Threat News › Small numbers of Notepad++ users reporting security woes
Small numbers of Notepad++ users reporting security woes
<p>Interesting one, has been rumbling for about a week in my circles.</p><p>I’ve heard from 3 orgs now who’ve had security incidents on boxes with Notepad++ installed, where it appears Notepad++ processes have spawned the initial access. These have resulted in hands on keyboard threat actors.</p><p>It is unclear exactly what is happening, and this blog is not to blame the (very good) developer of
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
- Search EnginesT1593.002
- Generative AIAML.T0016.002
Indicators of compromise
- https://notepad-plus-plus.org/update/getDownloadUrl.phpurl
- https://cyberplace.social/@GossiTheDogurl
- https://cyberplace.social/invite/i8aScwe6url
- gossithedog@cyberplace.socialemail