Cybercrime Scales Up With Enterprise‑Style Tactics

HPE Threat Labs

HPE Threat Labs report reveals cyber adversaries are morphing their business model to scale and accelerate attacks

  • Modern attackers are adopting industrialized methods to expand and accelerate their operations.
  • HPE Threat Labs’ new In the Wild report outlines how automation, AI tools, and repeatable infrastructure are reshaping global cyberthreats.
  • Critical sectors—including government, finance, and technology—remain primary targets as adversaries refine their business‑like approach.

A Shifting Threat Landscape

HPE’s inaugural In the Wild report paints a detailed picture of how cyber adversaries evolved throughout 2025. The research draws on observations from 1,186 active threat campaigns, revealing a threat environment defined by scale, coordination, and professionalization. Attackers increasingly rely on automation and long‑standing vulnerabilities to compromise high‑value targets faster than defenders can react. Enterprises now face adversaries that operate with the structure and efficiency of large organizations.

The report emphasizes that these findings reflect real‑world activity rather than controlled lab simulations. HPE Threat Labs analyzed live campaigns to understand how attackers adapt, where they succeed, and which techniques they prioritize. This approach offers security teams a clearer view of the threats most likely to affect their infrastructure. It also highlights the growing need for rapid detection and coordinated defense strategies.

Government entities emerged as the most targeted sector, with 274 documented campaigns spanning federal, state, and municipal levels. Financial institutions and technology companies followed, facing 211 and 179 campaigns respectively. These patterns underscore attackers’ focus on sectors tied to sensitive data, national infrastructure, and economic stability.

Industrialized Operations and Expansive Infrastructure

Threat actors increasingly run their operations like enterprises, complete with hierarchical structures and specialized teams. This shift enables them to deploy large‑scale attack infrastructures with speed and precision. Throughout 2025, adversaries used more than 147,000 malicious domains and nearly 58,000 malware files, while exploiting 549 known vulnerabilities. These numbers illustrate how repeatable infrastructure allows attackers to scale campaigns with minimal friction.

Nation‑state groups and organized cybercrime operations both contributed to this trend. Their tactics included rapid coordination, deep familiarity with common workplace tools, and targeted exploitation of widely used applications. Even when defenders disrupt one part of an operation, the broader campaign often continues unaffected due to its modular design. This resilience makes modern cybercrime harder to dismantle and more persistent across industries.

Manufacturing, telecommunications, healthcare, and education also experienced sustained targeting. While some sectors face more frequent attacks, the report makes clear that no industry is fully insulated. Attackers continue to prioritize environments where disruption yields financial gain, strategic advantage, or access to sensitive information.

Automation, AI, and Faster Attack Cycles

Automation played a central role in accelerating threat activity. Some groups used “assembly line” workflows on platforms such as Telegram to exfiltrate data in real time. Others incorporated generative AI to craft synthetic voices and deepfake videos for vishing and impersonation schemes. These techniques allowed attackers to bypass traditional verification processes and manipulate victims more effectively.

One extortion group conducted market research on VPN vulnerabilities to refine its intrusion strategy. This level of preparation reflects a broader trend: adversaries are increasingly analytical, data‑driven, and methodical. By streamlining operations and focusing on high‑value targets, they maximize financial returns while minimizing operational overhead. The result is a threat ecosystem that moves faster than many organizations can track.

AI‑assisted attacks also introduce new challenges for defenders. Synthetic media complicates identity verification, while automated workflows reduce the time between initial compromise and data theft. These developments highlight the importance of adaptive defenses capable of responding to rapidly evolving tactics.

Strengthening Cyber Resilience

The report stresses that improving security is less about accumulating tools and more about enhancing coordination and visibility. Organizations benefit from breaking down internal silos and sharing threat intelligence across teams and partners. A secure access service edge (SASE) model can help unify networking and security, making it easier to detect attack patterns early.

Patching remains a critical defense measure, particularly for common entry points such as VPNs, SharePoint instances, and edge devices. Zero trust principles further reduce risk by continuously verifying users and devices before granting access. These measures limit lateral movement and help contain breaches more effectively.

Enhanced visibility through deception technologies, threat intelligence, and AI‑native detection tools can accelerate response times. Extending security practices to home networks, third‑party tools, and supply chain partners also strengthens overall resilience. Together, these steps help organizations keep pace with increasingly organized and persistent adversaries.

HPE Threat Labs’ Role in Modern Defense

HPE established Threat Labs to bridge the gap between advanced research and practical security outcomes. By integrating intelligence from both HPE and Juniper Networks, the organization now draws from a broader data pool and deeper expertise. This combined capability supports more accurate threat tracking and informs the development of defensive technologies across HPE’s product portfolio.

The In the Wild report underscores the need for enterprise‑level strategy and operational rigor in cybersecurity. As attackers adopt business‑like methods, defenders must respond with equally structured and integrated approaches. HPE Threat Labs aims to support this shift by translating research insights into actionable protections for customers.

The 2026 edition of the report is now available for security leaders and IT decision‑makers. HPE will also showcase its findings at the RSA Conference 2026 in San Francisco.

One notable trend highlighted by independent researchers is the growing use of “malware‑as‑a‑service” platforms, which lower the barrier to entry for less‑skilled attackers. These services offer subscription‑based access to ready‑made tools, enabling rapid deployment of campaigns without deep technical expertise. This development aligns closely with HPE’s findings on the industrialization of cybercrime and suggests that the threat landscape will continue to expand in both scale and accessibility.


 
