Cybersecurity research team Rapid7 recently disclosed that the well-known open-source text editor Notepad++ contains a high-risk vulnerability, CVE-2025-15556, which is suspected to have already been exploited by an APT hacker group.
This vulnerability affects version 8.8.9 and earlier. The built-in automatic update component of Notepad++ (WinGUp) does not enforce comprehensive transport-layer encryption or digital signature verification of downloaded files. As a result, the update process may be vulnerable to Man-in-the-Middle (MiTM) attacks or tampering with the update source.
Research indicates that the APT hacker group allegedly compromised the infrastructure of Notepad++’s hosting service provider, intercepting or redirecting the legitimate update path to a malicious server. As a result, victims unknowingly downloaded and installed a tampered-with malicious program during the update process, enabling hackers to implant backdoors or other malicious payloads.
All Notepad++ users are advised to immediately disable the automatic update function in older versions and ensure that they manually download and install the latest version, v8.9.2, directly from the official website to guarantee the authenticity of the update source and the integrity of the installation files.
[Recommended Actions]
Please immediately download and install the latest version (2026-02-16 Release v8.9.2) from the official website of Notepad++:
https://notepad-plus-plus.org/
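To find which machines still need this action, the following added example (not part of the original advisory) triages a software-inventory export against the versions named above. The CSV columns, host names and sample rows are constructed assumptions.

```python
import csv
import io
import re

LAST_AFFECTED = (8, 8, 9)  # advisory: version 8.8.9 and earlier are affected
RECOMMENDED = (8, 9, 2)    # advisory: install v8.9.2

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version string."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+){0,3})\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "8.9" is treated as 8.9.0
    return tuple(parts[:3])          # a fourth component is ignored

def classify(version_text):
    """Map a reported version to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"   # needs a manual check, never assumed safe
    if v <= LAST_AFFECTED:  # numeric tuples, so 8.10 sorts after 8.9
        return "affected"
    if v < RECOMMENDED:
        return "update"    # not in the affected range, but below v8.9.2
    return "ok"

def triage(csv_text):
    """Group hosts that report a Notepad++ install by triage status."""
    result = {"affected": [], "update": [], "ok": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "notepad++" not in row["product"].lower():
            continue
        result[classify(row["version"])].append(row["host"])
    return result

# Constructed sample export (hypothetical hosts and column names).
SAMPLE = """\
host,product,version
ws-001,Notepad++ (64-bit x64),8.8.9
ws-002,Notepad++ (64-bit x64),v8.9.2
ws-003,Notepad++ (32-bit x86),8.9
ws-004,7-Zip,24.08
ws-005,Notepad++ (64-bit x64),8.7.1.0
ws-006,Notepad++,unknown
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts in the `affected` and `unknown` groups are the ones to prioritise for the manual installation of v8.9.2 described above.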
[References]
- National Information and Communication Security Research Institute: https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alert_Announcements/bb824eb7-7f8f-421c-9097-d71e1d4375e2/
- TWCERT/CC: https://www.twcert.org.tw/tw/cp-104-10725-feaeb-1.html
