Comment on Notepad++ Hijacked by State-Sponsored Hackers
AceBonobo@lemmy.world 4 days ago
You might have version 8.8.1 or lower; however, it might have tried to update, got the vulnerable package instead, and then remained on the older version. I think even if you have the older version that’s not a sign that you weren’t compromised.
pez@piefed.blahaj.zone 4 days ago
Fair point. I was assuming the malicious payload would come along with an update in order to hide, but it’s also possible that the malicious payload was delivered without any update to Notepad++.
I’ve not seen any IOCs published, have you?
floofloof@lemmy.ca 3 days ago
There’s some IOC information here:
securelist.com/…/118708/
pez@piefed.blahaj.zone 3 days ago
Thanks!
AceBonobo@lemmy.world 3 days ago
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
pez@piefed.blahaj.zone 3 days ago
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update Notepad++ and move on.