Tags: Analysis, malware, DLL sideloading, software supply chain, API hashing
Chinese APT Lotus Blossom Delivers Chrysalis Backdoor
Relevance Score: 7.3
Rapid7 Labs and its MDR team disclosed a sophisticated campaign by the Chinese APT Lotus Blossom that compromised the Notepad++ distribution infrastructure and delivered a previously undocumented backdoor, Chrysalis. The report details NSIS installer-based delivery, DLL sideloading, custom loaders (including a Warbird-protected sample), and custom API-hashing and obfuscation techniques. The findings highlight targeted espionage against government, telecom, and critical infrastructure sectors and include actionable IOCs.