New Ransomware Tactics: Citrix Bleed and Supply Chain Risk
We analyze how the Anubis group uses the Citrix Bleed 2 vulnerability and BYOVD techniques to infiltrate corporate networks with high efficiency.

The Resurgence of Persistent Threats: The Citrix Bleed 2 Case
The cybersecurity landscape is facing a new challenge. Recent investigations have revealed that ransomware groups associated with the Anubis operation have refined their modus operandi, focusing their efforts on exploiting the vulnerability known as Citrix Bleed 2 (CVE-2025-5777). This flaw allows attackers to gain initial access to critical infrastructure, bypassing perimeter defenses that, until recently, were considered robust.
The Evolution of Hacking: BYOVD and Lateral Movement
Beyond initial access, attackers are employing a sophisticated combination of legitimate Remote Management and Monitoring (RMM) tools and Bring Your Own Vulnerable Driver (BYOVD) techniques. This strategy not only allows them to evade detection by Endpoint Detection and Response (EDR) solutions but also facilitates lateral movement within the network, a critical phase in any large-scale hack.
"Although tactics differ between affiliates, common patterns in the use of legitimate tools and hands-on-keyboard procedures demonstrate a worrying professionalization of cybercrime."
It is essential to remember that the attack surface is dynamic. As we saw in the case of ChocoPoC: The dangerous hack lurking for vulnerability researchers, attackers always look for the weakest link, whether in management software or supply chain credentials.
Mitigation Recommendations
To protect against these threats, organizations must adopt a defense-in-depth approach:
- Critical Updates: Prioritize patching all internet-facing Citrix devices.
- RMM Monitoring: Audit and restrict the use of unauthorized remote management tools.
- Credential Hygiene: Implement phishing-resistant multi-factor authentication (MFA) to prevent supply chain credentials from becoming an entry point.
Modern cybersecurity allows for no complacency. The ability of ransomware groups to adapt to new vulnerabilities requires IT teams to maintain a posture of constant vigilance and the ability to respond rapidly to any anomalous behavior in their systems.
Source: The Hacker News (https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html)
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...