Threat Intel - HPE Launches Threat Labs Amid Attacks Surge

SC Media
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana

Basically, HPE started a new lab to study and fight against big cyber attacks.

Quick Summary

HPE has launched Threat Labs to address rising enterprise-scale cyber attacks. Their report reveals sophisticated tactics targeting government and finance sectors. Organizations are urged to enhance security measures against these threats.

What Happened

Hewlett Packard Enterprise (HPE) has launched HPE Threat Labs, a new initiative aimed at tackling the rising tide of cyber threats. This research unit combines security resources from HPE and Juniper Networks. Their first report, titled "In the Wild," analyzes 1,186 active cyber campaigns from 2025, revealing alarming trends in how cyber adversaries operate.

The report notes that attackers now function with the structure and efficiency of large businesses. They employ assembly-line workflows, specialized roles, and coordinate their efforts across platforms like Telegram. This allows them to exfiltrate data in real time, making their operations more sophisticated and harder to detect.

Who's Being Targeted

The report highlights that government organizations are the most targeted sector, with 274 campaigns aimed at them. Following closely are the finance sector with 211 campaigns and technology with 179 campaigns. This indicates a clear trend where critical infrastructure and financial institutions are under constant threat.

Attackers exploited a staggering 549 vulnerabilities and utilized over 147,000 malicious domains to facilitate their operations. The sheer scale of these attacks underscores the urgent need for organizations to bolster their cybersecurity measures.

Tactics & Techniques

One of the most concerning findings is the weaponization of generative AI for social engineering attacks. Cybercriminals are using synthetic voices, images, and videos to conduct targeted impersonation fraud, video phishing, and even executive deepfakes. These tactics make it increasingly difficult for victims to discern legitimate communications from malicious ones.

The report also emphasizes persistent gaps in patch management, with common entry points identified as VPNs, SharePoint, and edge devices. This highlights the need for organizations to prioritize their patching efforts to mitigate these vulnerabilities.

Defensive Measures

In response to these threats, HPE recommends adopting zero trust principles and implementing SASE architecture. These strategies can help organizations better secure their networks against sophisticated attacks. Additionally, the use of deception technologies and AI-native detection methods is advised to enhance threat detection and response capabilities.

Mounir Hahad from HPE stressed the importance of understanding how attackers behave in active campaigns. By analyzing their tactics and adapting defenses accordingly, organizations can better protect themselves against these evolving threats. The launch of HPE Threat Labs is a significant step in the right direction, aiming to provide deeper insights and more robust defenses against cyber adversaries.

🔒 Pro insight: The shift towards business-like structures in cybercrime necessitates a reevaluation of traditional defense strategies to counter coordinated attacks effectively.
