Cybercrime Goes Professional

Hewlett Packard Enterprise (HPE) has released its inaugural cyber threat report, titled 'In the Wild', revealing a significant shift in the operational strategies of modern cyber adversaries.  Released on 17 March 2026, the research indicates that cybercrime groups are increasingly mirroring legitimate enterprise business models to maximize financial gain.  The report, based on an analysis of 1,186 active threat campaigns observed globally throughout 2025, suggests that the threat landscape has moved beyond isolated attacks.  Instead, malicious actors are deploying "industrial-scale" infrastructure, characterized by hierarchical command structures, specialized teams, and rapid coordination.[1]

Mounir Hahad, Head of HPE Threat Labs, noted that the research reflects the reality organizations face daily.  "It captures how attackers behave in active campaigns, how they adapt, and where they are finding success," Hahad stated. This professionalization has allowed attackers to pursue high-value targets with greater precision.  Government organizations were identified as the primary targets globally, accounting for 274 specific campaigns.  The finance and technology sectors followed closely, with 211 and 179 campaigns, respectively. This data highlights a strategic focus on sectors critical to national infrastructure and economic stability.

A key driver of this shift is the integration of automation and artificial intelligence (AI) into criminal workflows. The report details how adversaries now use automated "assembly line" workflows to exfiltrate stolen data in real time.  Generative AI is being employed to create synthetic voices and deepfake videos, facilitating sophisticated "vishing" (video-phishing) and executive impersonation fraud. One extortion gang was observed conducting market research on Virtual Private Network (VPN) vulnerabilities to optimize their intrusion strategies.

While these tools accelerate attack speed, they also make attacks more predictable. Disrupting these operations has become more difficult; dismantling a single component rarely halts the broader campaign due to the resilience built into these professionalized structures. In 2025 alone, threat actors deployed over 147,000 malicious domains and actively exploited 549 vulnerabilities.

The report emphasizes that effective defense now depends less on acquiring additional tools and more on improving coordination and visibility across networks. HPE suggests that organizations must break down silos by sharing threat intelligence across teams and industries.

Practical recommendations include:

  • Patching Entry Points: Securing VPNs, SharePoint, and edge devices to close frequently exploited pathways.
  • Zero Trust Principles: Implementing Zero Trust Network Access (ZTNA) to continuously verify users and limit lateral movement within a network.
  • Enhanced Visibility: Utilizing AI-native detection and deception technologies to analyze and respond to attacks with greater speed.

To address this evolving environment, HPE has launched the new HPE Threat Labs, uniting security research talent from HPE and Juniper Networks.  David Hughes, SVP & GM, SASE and Security for Networking at HPE, stated that the new labs aim to bridge the gap between research and real-world security outcomes, helping organizations protect the systems their businesses depend on. 

 

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information (CTI) via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

[1] https://www.cybersecurityintelligence.com/blog/cybercrime-goes-industrial-to-scale-attacks-9210.html