The Hacker News

Ransomware Groups Exploit Citrix Bleed 2, BYOVD

Ransomware groups have adopted new tactics to gain initial access, with threat actors linked to the Anubis ransomware operation observed exploiting the Citrix Bleed 2 vulnerability (CVE-2025-5777). This vulnerability allows for the compromise of sensitive information, facilitating further network intrusion. The exploitation of Citrix Bleed 2 marks a significant shift in attack vectors, moving towards more sophisticated and targeted methods.

Beyond the Citrix Bleed 2 vulnerability, attackers are also increasingly employing Bring Your Own Vulnerable Driver (BYOVD) techniques. In this method the attacker brings a legitimately signed but vulnerable driver onto the victim's system, loads it, and abuses its flaws to elevate privileges and bypass security controls. The approach is effective because the driver is a trusted, signed system component that the operating system loads without complaint, which makes the activity harder for security solutions to distinguish from normal driver installation.

Furthermore, threat actors are actively targeting supply chain credentials. By compromising third-party vendors or software providers, attackers can gain access to the networks of their clients. This "hands-on-keyboard" approach, as described by security researchers, allows for more granular control and exploration of victim environments, often leading to significant data exfiltration and system disruption. The combination of these advanced techniques highlights a growing trend in ransomware operations towards more stealthy and impactful intrusions.

Original source: The Hacker News, where the full reporting is available.
