Ransomware Exploits Citrix Bleed 2, BYOVD, and Supply Chain Credentials for Initial Access and Lateral Movement
Ransomware groups are leveraging the Citrix Bleed 2 vulnerability, legitimate remote management tools, and stolen credentials to achieve initial access and execute sophisticated lateral movement. This trend is exacerbated by advanced techniques like the BYOVD exploit and supply chain compromises to bypass security defenses and maximize operational impact.
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
*** END OF TRANSMISSION ***