HPE Threat Labs
Research-driven cyber threat intelligence that strengthens resilience, reduces risk, and stops attacks before they impact your network and your business.
What HPE Threat Labs does
HPE Threat Labs is HPE's dedicated team for security research and development and cyber threat intelligence. We turn deep cyber research, continual threat hunting, and product hardening into practical guidance that keeps your network resilient, closes security gaps faster, strengthens defenses, and blocks attacks before they land.
Threat research
Continuous research and threat hunting surface new threats early, with detections and guidance to close gaps fast.
Threat defense
We align defenses to real attacker behavior so products and solutions are built for the threats that matter.
Security audits
Test and verify products internally to uphold strong security standards in any environment.
Threat research
Explore research sourced or sponsored by our HPE Threat Labs team.
2026 Zero Trust Report
The 2026 Zero Trust Report reveals a widening gap between strategy and execution as enterprises grapple with hybrid, multicloud complexity. Insights from 800+ security leaders show how fragmented tools, excess access, and policy drift continue to weaken Zero Trust efforts.
The 2025 Global Study on closing the IT security gap
Ransomware, network and application attacks, insider threats and denial of service attacks are just a few of the threats putting organizations on high alert. The increasing sophistication of cyber criminals—as well as these cyber criminals adopting AI—makes it more important than ever to become aggressive in closing security gaps in the IT infrastructure.
What’s ahead for network and security teams in 2025?
In 2025, network and security teams face rising complexity, tighter integrations, and growing AI‑driven threats, demanding unified, Zero Trust‑ready operations.
2025 SSE Adoption Report
The 2025 SSE Adoption Report reveals why organizations are rapidly shifting to Security Service Edge. With 713 security leaders surveyed, it highlights rising SSE and SASE adoption, Zero Trust priorities, and how companies are modernizing access security for a hybrid, cloud‑first world.
2025 SSE Adoption Report: How to future-proof your network security
Discover how choosing the right technology helps your business stay ahead rather than play catch‑up. Explore research‑backed insights that guide smarter, future‑ready decisions.
2025 VPN Exposure Report
The 2025 VPN Exposure Report uncovers how rising breaches, poor user experience, and outdated architectures are turning VPNs into major security liabilities, pushing enterprises toward modern, zero‑trust access models built for today’s hybrid workforce.
Rethinking remote access: Why zero trust network access replaces VPNs today
For a long time, VPN was synonymous with secure remote access. If you needed to access the corporate network from anywhere else, you fired up a client, typed in a password, and possibly tapped a token, and you were in. It felt like a neat solution to a simple problem.
Featured blogs
- Research blogs
- Tech blogs
- Malware knowledge base
Inside HPE Threat Labs: Where threats meet their match
Introducing the new HPE Threat Labs, your engine for transforming frontline threat research into real‑world protection. Discover how continuous threat hunting, rigorous validation, and built‑in product hardening can strengthen security for your entire organization.
Invisible obfuscation technique used in PAC attack
While investigating a sophisticated phishing attack targeting affiliates of a major American political action committee (PAC) in early January 2025, HPE Threat Labs observed a new JavaScript obfuscation technique.
Threat hunting with passive DNS: Discovering the attacker infrastructure
Understanding how attackers establish and maintain their attack infrastructure is important for building robust defenses. Attackers employ various tactics to keep their operations resilient and undetected. In this blog post, we dive into the methods attackers use to set up their infrastructure, focusing on techniques like IP churn and changing hosting providers.
The hidden door: How CVE-2024-23897 enabled ransomware attack on Indian banks
On August 1, 2024, retail payments began to be disrupted at Indian banks, and news soon broke that Brontoo Technology Solutions, a collaborator with C-Edge Technologies (a joint venture between TCS and SBI), had been impacted by a ransomware attack, according to NPCI.
Don't panic: Cybersecurity assessments for network engineers
No panic, real progress. See what assessors actually look for and how network engineers can turn audit findings into quick, practical wins for stronger security.
Hidden danger in your network
IPv6’s default behavior can expose hidden risks in IPv4‑only networks. Devices still probe for IPv6 settings, creating openings attackers can exploit if IPv6 isn’t monitored or secured.
The cost of convenience: Multicast DNS and your privacy
Discover how a "convenience" feature buried in your Wi‑Fi connection—Multicast DNS (mDNS)—quietly exposes your devices and privacy. This eye‑opening Threat Labs breakdown reveals why a protocol built for simplicity has become a hidden security risk.
Ghost in the network: The persistent threat of multicast name resolution
So much of cybersecurity news is dominated by flashy new APTs, CVEs, and malware campaigns that it would be easy to think the field should care about little else but "the next thing".
StealC Malware
StealC is a commodity information stealer offered as Malware-as-a-Service (MaaS). It emerged in early 2023 and has evolved with newer versions introducing RC4-protected strings and traffic.
Blackbyte Ransomware
Blackbyte has been known as a Ransomware-as-a-Service (RaaS) since July 2021. It has reportedly been used to infect organizations in at least three US critical infrastructure sectors (government facilities, financial, and food and agriculture) as well as others outside the US.
GhostRat Malware
GhostRat is a sophisticated Remote Access Trojan (RAT) known for its stealth, persistence, and modular architecture. The analyzed sample demonstrates advanced capabilities including process injection, credential harvesting, system reconnaissance, and encrypted command-and-control (C2) communication.
"Springshell" Vulnerability
On March 30, 2022, a pseudonymous security researcher posted a proof of concept of a remote code execution vulnerability in the Spring framework for Java. Early speculation likened this vulnerability to last year's Log4Shell vulnerability.
Demos and videos
HPE Threat Labs breaks down today’s attack techniques and shows how HPE security solutions detect, defend, and strengthen your posture. Watch the demos for actionable steps you can apply to each tactic.