Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Read full story on The Hacker News

Summary

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
