JAKARTA - The Kaspersky Global Research and Analysis Team (GReAT) research team has revealed the latest findings related to a supply chain compromise (supply chain attack) on Notepad++, which turns out to target a number of organizations in various countries.
In the report, Kaspersky said the attackers targeted a government organization in the Philippines, a financial institution in El Salvador, an IT service provider in Vietnam, and individuals in three different countries.
The attack was carried out using at least three different infection chains, two of which have never been previously published.
During this campaign, the attackers completely changed their malware, command and control infrastructure, and delivery methods approximately every month between July and October 2025.
This change makes it difficult to track the campaign because each chain uses different IP addresses, domains, execution methods, and payloads.
The developers of Notepad++ have even revealed that on February 2, 2026, their update infrastructure was hacked by hackers due to a hosting provider incident.
However, previous public reporting has only focused on malware detected in October 2025. This has led many organizations to be unaware of other hacking indicators used in the July to September period.
Therefore, Kaspersky GReAT senior security researcher Georgy Kucherin warns that organizations should not immediately feel safe just because they have not found publicly known indicators of compromise (IoC).
"Experts who examine their systems against publicly known IoCs and find nothing should not assume that they are safe," said Georgy Kucherin, senior security researcher at Kaspersky GReAT.
Because according to him, hackers actually use different IP, domain, and file hashes to carry out each attack so that it is not easily detected.
"Given how often these attackers rotate their tools, we cannot rule out the existence of additional chains that have not been discovered," he said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
