---
title: "Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials — Stuff That Spins"
description: "Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. \"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and M…"
	canonical: "https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials"
html: "https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials"
json: "https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials.json"
markdown: "https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials.md"
keywords: ["SpinGraph", "spin analysis", "GEO"]
date: "2026-07-02T18:30:33+00:00"
modified: "2026-07-05T04:42:14.777036+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials#article","headline":"Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials","description":"Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. \"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and M…","datePublished":"2026-07-02T18:30:33+00:00","dateModified":"2026-07-05T04:42:14.777036+00:00","url":"https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","author":{"@type":"Organization","name":"Stuff That Spins"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html","about":[],"mentions":[]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials","item":"https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials"}]}]}
---

# Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

**Source:** Unknown  
**Published:** July 2, 2026  
**Original:** https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html  

---
*HTML version: https://stuffthatspins.com/spin/ransomware-groups-turn-to-citrix-bleed-2-byovd-and-supply-chain-credentials*
