HPE’s Inaugural Cyberthreat Report Exposes Industrialized Tactics of Modern Adversaries in 2025

Hewlett Packard Enterprise (HPE) has released its first cyberthreat research report, titled In the Wild, revealing a significant transformation in the operational methods of cyber adversaries across various global industries and critical public sectors. The report, based on HPE’s analysis of live threat activity throughout 2025, illustrates that cybercrime has evolved into an industrialized model. Attackers are now leveraging automation and exploiting long-standing vulnerabilities to scale their campaigns, compromising high-value targets more swiftly than defenders can react. For enterprises, effectively countering these aggressive threat campaigns and maintaining digital trust within their networks has become a crucial business imperative.

The Evolving Cyber Threat Landscape

The report paints a picture of a global cyber threat environment characterized by scale, organization, and speed. Analyzing 1,186 active threat campaigns observed worldwide from January 1 to December 31, 2025, HPE identifies a rapidly evolving adversary ecosystem marked by professionalism, automation, and strategic targeting. Attackers are employing repeatable infrastructures and exploiting long-standing vulnerabilities to precisely target high-value sectors.

Mounir Hahad, Head of HPE Threat Labs, emphasized that In the Wild reflects the daily realities organizations face. He noted that the research is grounded in actual threat activity rather than theoretical tests in controlled environments. The insights gleaned from these observations are intended to enhance detection capabilities, fortify defenses, and provide organizations with a clearer understanding of the threats most likely to jeopardize their data, infrastructure, and operations. This, in turn, leads to stronger security measures, quicker responses, and greater resilience against increasingly organized and persistent attacks.

The Professionalization of Cybercrime

The inaugural report highlights a notable increase in both the volume of attacks and the sophistication of adversary tactics. Threat actors, including nation-state-linked espionage groups and organized cybercrime syndicates, are increasingly operating like large enterprises. They utilize hierarchical command structures, specialized teams, and rapid coordination to deploy expansive, industrialized attack infrastructures while demonstrating a deep understanding of commonly used workforce applications and documents.

Government organizations emerged as the most targeted sector globally, with 274 campaigns directed at federal, state, and municipal bodies. Following closely were the finance and technology sectors, which experienced 211 and 179 campaigns, respectively. This trend underscores the attackers’ sustained focus on high-value data and financial gain. Other heavily targeted sectors included defense, manufacturing, telecommunications, healthcare, and education. The findings suggest that attackers are strategically prioritizing sectors linked to national infrastructure, sensitive data, and economic stability, reinforcing the notion that no sector is immune to cyber threats.

Throughout the year, threat actors deployed over 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities. This professionalization of cybercrime has made attacks more predictable in execution but increasingly difficult to disrupt, as dismantling a single component of an operation rarely halts the broader campaign.

Innovative Techniques and Strategies

Attackers have also adopted new techniques to enhance their speed and impact. Some operations utilized automated “assembly line” workflows via platforms like Telegram to exfiltrate stolen data in real time. Others employed generative AI to create synthetic voices and deepfake videos for targeted video-phishing (vishing) and executive impersonation fraud. Additionally, an extortion gang conducted market research on virtual private network (VPN) vulnerabilities to refine its intrusion strategy.

These advanced tactics have enabled threat actors to operate more efficiently, reach a larger number of targets, and concentrate their efforts on sectors critical to national infrastructure and economic stability. By streamlining their operations and prioritizing high-value targets, these adversaries have been able to pursue financial gain with greater efficacy, strategically “following the money.”

Recommendations for Enhanced Security Posture

The report underscores that effective defense strategies rely less on merely adding tools and more on improving coordination, visibility, and response across the network. Organizations can take several steps to bolster their security posture:

  • Break Down Silos: Share threat intelligence across corporate teams, customers, and industries. Implementing a secure access service edge (SASE) approach can unify networking and security, allowing for earlier detection of attack patterns.

  • Patch Common Entry Points: Address vulnerabilities in common entry points such as VPNs, SharePoint, and edge devices to reduce exposure and eliminate frequently exploited pathways into the network.

  • Apply Zero Trust Principles: Strengthen authentication processes and limit lateral movement within the network. Zero Trust Network Access (ZTNA) continuously verifies users and devices before granting access.

  • Enhance Visibility and Response: Utilize threat intelligence, deception technologies, and AI-native detection to improve the speed and accuracy of attack detection, analysis, and response.

  • Extend Security Beyond the Corporate Perimeter: Ensure that security measures encompass home networks, third-party tools, and supply chain environments.

These measures can help organizations respond more swiftly, mitigate risks, and better defend against increasingly organized and persistent threats.

The Role of HPE Threat Labs

In response to the evolving threat landscape, HPE has established HPE Threat Labs, uniting world-class security research talent and intelligence from both HPE and Juniper Networks. This initiative aims to create a more extensive data pool for identifying and tracking real-world threats, directly informing HPE products with the necessary threat intelligence to effectively detect and block malicious attacks.

David Hughes, SVP & GM of SASE and Security for Networking at HPE, stated that HPE Threat Labs was designed to bridge the gap between cutting-edge research and real-world security outcomes. The findings from the In the Wild report illustrate that today’s attackers operate with the discipline, scale, and efficiency of global enterprises. Defending against these threats requires a similar level of strategy, integration, and operational rigor. By translating threat intelligence into their products, HPE Threat Labs aims to help organizations reduce risk, limit disruption, and safeguard the systems their businesses rely on.

According to publicly available securityreviewmag.com reporting, the implications of these findings extend beyond individual organizations, highlighting the urgent need for a coordinated response across sectors to combat the increasingly sophisticated tactics employed by cyber adversaries.
