THREAT ALERT
Tuesday, February 3rd, 2026
DefenseStorm is aware of a recent campaign attributed to the Chinese APT group Lotus Blossom targeting Notepad++.
DefenseStorm is aware of the recent campaign attributed to the Chinese APT group Lotus Blossom targeting Notepad++. We have collected, validated, and uploaded all currently available Indicators of Compromise (IOCs) and will continue to add additional IOCs as they are released publicly.
Based on the research made available, the organizations compromised appear to have been very targeted indicating that the presence of the vulnerable versions does not guarantee that all organizations are impacted. An initial investigation performed by the DefenseStorm CTS-OPS Team has not revealed any evidence of compromised thus far. The team will continue to investigate as more information is made available.
Below is the link to the official Notepad++ advisory, which includes their published details and recommended actions.
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Ian Gibson
Cyber Threat Intelligence Engineer
Ian Gibson is a Cyber Threat Intelligence Engineer for DefenseStorm. He joined the company in 2019 after graduating with a bachelor’s in Information Technology from the University of North Carolina: Wilmington. During his time at UNCW, he completed a specialized curriculum path in Cyber Defense Education. Joining DefenseStorm first as an intern, Ian worked in many positions throughout the company, which allowed him to become an expert in several areas of the platform. During his cyber career, Ian has been instrumental in proactively detecting and responding to cyber incidents, developing new policies and analytics to improve the detection and prevention of potential attacks, and training customers to better utilize DefenseStorm’s services. Ian has completed all tracks of the MITRE ATT&CK® Defender certifications, which helped him gain a better understanding of how to apply the knowledge of adversary behaviors to improve security configurations, analytics, and decision-making when it comes to best protecting DefenseStorm clients. Ian also holds a GIAC Cyber Threat Intelligence (GCTI) certification.
