Attackers had specifically delivered malware to systems using the Notepad++ updater. Investigations point to state actors.