Microsoft Incident Response revealed on May 12, 2026, that attackers compromised a third-party IT services provider and used the provider's legitimate HPE Operations Manager and HPE Operations Agent infrastructure to run malicious scripts and steal credentials from multiple customer environments. The disclosure underscores a dangerous trend: threat actors are increasingly exploiting trusted management tools to move laterally, evade endpoint detection and response (EDR) systems, and harvest sensitive data without triggering alarms. This incident illustrates how a single breach at a managed service provider can cascade into widespread compromise across client networks, all while hiding in plain sight within authorized software.

The Trusted Third-Party Attack Vector

IT service providers operate with highly privileged access to customer systems. They deploy monitoring agents, perform maintenance, and use orchestration tools that have deep hooks into operating systems and applications. When an attacker infiltrates such a provider, they inherit a ready-made bridge into dozens or hundreds of downstream clients. In this case, the attackers did not need to deploy custom malware or exploit zero-day vulnerabilities—they simply used the provider's own management suite to execute commands and extract secrets.

HPE Operations Manager (formerly known as HP Operations Manager) and its component, HPE Operations Agent, are enterprise-grade infrastructure monitoring and management tools. The agent runs on every managed server, capable of executing scripts, collecting performance data, and interacting with the OS at a low level. The central manager orchestrates policies across the fleet. By design, these tools are intended to be powerful and pervasive. In the wrong hands, that same power becomes a weapon.

How the Attackers Weaponized Legitimate Software

After breaching the third-party provider, the attackers gained control of the HPE Operations Manager console. From there, they pushed out scripts via the agent to thousands of client endpoints. Because the agent operates with SYSTEM-level privileges, the scripts could perform almost any action: dumping SAM and LSA secrets, querying the Active Directory database, extracting Kerberos tickets, and exfiltrating data over legitimate HTTPS channels.

The attackers used built-in command execution features that are part of standard operations. For example, the agent supports running arbitrary scripts triggered by policy or manual intervention. The attackers crafted policies that appeared as routine maintenance tasks. They also leveraged the agent's ability to reconfigure itself, disabling security controls and logging on the fly. The use of encrypted, authenticated communication between agent and manager made it even harder to spot malicious activity.

Microsoft Incident Response noted that the attackers methodically collected credentials from Local Security Authority Subsystem Service (LSASS) memory dumps and the Windows registry. They then used those credentials to pivot into other systems, often without needing to compromise additional accounts. In several cases, they harvested NTLM hashes and used pass-the-hash techniques to move laterally across networks, all while riding the trusted HPE Ops Agent channels.

EDR Gaps and the Living-Off-the-Land Advantage

The reliance on a trusted monitoring agent created significant EDR gaps. Most security products treat HPE Operations Agent as a known, benign process. It is usually whitelisted, exempt from behavior analysis, and allowed to run scripts unhindered. After all, it is supposed to execute scripts—that's its job. So when the agent launched cmd.exe /c whoami followed by procdump.exe -ma lsass.exe, the EDR saw a legitimate management tool doing legitimate management tasks. The only difference was intent.

This living-off-the-land (LotL) technique is not new, but the abuse of enterprise infrastructure management tools elevates it to an industrial scale. Unlike one-off uses of PowerShell or WMI, HPE Ops provides a persistent, centrally controlled execution framework that spans an entire enterprise. Defenders often focus on common LOLBins like powershell.exe, wmic.exe, or mshta.exe, but overlook the capabilities baked into monitoring agents. This incident serves as a stark reminder that any software capable of executing code remotely must be monitored with the same vigilance as native OS tools.

The Credential Theft Lifecycle

Based on the Microsoft report, the attackers followed a structured credential theft lifecycle:

  • Initial Access: Compromise of third-party IT provider via phishing or vulnerable remote access. The exact initial vector was not disclosed, but such breaches often start with stolen VPN credentials or exploitation of a remote desktop gateway.
  • Control of the Management Plane: Once inside the provider's network, the attackers located and seized the HPE Operations Manager server. They likely used credential dumping on that server to obtain service account passwords.
  • Policy Payload Deployment: Using the manager, they created or modified management policies to include malicious script blocks. The agent on each client endpoint received the policy update and executed the scripts silently.
  • Credential Extraction: Scripts used well-known tools like Mimikatz (renamed to avoid signature detection), procdump to dump LSASS, and registry queries to extract cached domain credentials. Output was stored temporarily in agent log directories and then pulled back via the manager's normal reporting channel.
  • Lateral Movement and Persistence: With a trove of credentials, the attackers accessed other systems using pass-the-hash and Kerberos ticket attacks. They also created new service accounts and added them to privileged groups, ensuring long-term access.

Implications for Windows Environments

Windows systems were the primary target. The HPE Operations Agent runs on Windows Server and client operating systems, integrating tightly with services like Active Directory, DNS, and DHCP. The attackers used this integration to map network topology, identify domain controllers, and locate high-value targets such as SQL servers and file shares hosting sensitive data.

One of the most concerning findings was the attackers' ability to modify Group Policy Objects (GPOs) using captured domain admin credentials. By altering GPOs, they could deploy additional persistence mechanisms, such as scheduled tasks that would survive cleaning efforts. This technique allowed them to re-infect systems even after Microsoft Incident Response helped organizations evict the initial compromise.

Microsoft recommended that Windows customers audit and harden their HPE Ops installations:
- Restrict which accounts can deploy policies. Use dedicated, low-privilege accounts for agent communication.
- Enable detailed logging of all script executions and policy changes. Forward those logs to a SIEM with anomaly detection.
- Implement Just Enough Administration (JEA) and Privileged Access Workstations (PAW) to protect management consoles.
- Segment the management network from the production network. The HPE Operations Manager should not be reachable from arbitrary client subnets.
- Treat the agent as a potentially risky process. Apply EDR rules that monitor its spawned child processes, network connections, and file writes—even if it is whitelisted for other actions.

The Broader Supply Chain Risk

This incident is yet another example of supply chain attacks that exploit trust relationships between service providers and their customers. The SolarWinds SUNBURST attack of 2020 and the Kaseya VSA ransomware incident of 2021 followed similar patterns: compromise an IT management tool used across many clients, then use that tool as a malware delivery platform. The HPE Operations Manager breach is distinct, however, because the attackers did not compromise the software vendor itself but rather a single MSP that used the product. This makes detection even harder, as the software is not counterfeit or trojanized—it is the genuine, vendor‑signed binary being abused through its legitimate functionality.

Organizations must expand their third-party risk management to include not just the security posture of the vendor but also how that vendor's tools are configured and monitored within their own environments. A tool installed with full privileges that can execute arbitrary code should be subject to the same restrictions as any other high-risk application. Yet, time and again, management agents are granted blanket exceptions from security controls for the sake of operational convenience.

Incident Response and Remediation Challenges

Responding to this breach was particularly difficult because the malicious activity was indistinguishable from normal operations. Logs showed the HPE Operations Agent launching cmd.exe and running scripts—exactly what it is supposed to do. Incident responders had to manually review policy change histories, compare script hashes, and analyze network flows to untangle attacker actions from legitimate maintenance.

Microsoft Incident Response noted that in several customer environments, the attackers were able to disable Windows Defender and firewall rules via the agent. This required victims to rebuild entire server images in some cases, as the integrity of the OS could not be guaranteed. Complete remediation often took weeks, as residual compromised credentials allowed the attackers to regain access even after initial cleanup.

The cost of the breach extended beyond immediate data loss. Several affected organizations reported regulatory scrutiny, as stolen credentials potentially exposed personally identifiable information (PII) protected by GDPR and CCPA. Others faced class-action lawsuits from business partners whose data was also compromised through shared trust relationships.

Recommendations for Defenders

Based on this incident, Microsoft updated its guidance for securing operational technology (OT) and IT management tools. The following actions are now considered essential for enterprise Windows environments:

  • Strict Policy Enforcement: Use Windows Defender Application Control (WDAC) or AppLocker to restrict what binaries the HPE Ops Agent can execute, even from its own scripts. For example, only allow PowerShell with constrained language mode and a list of approved commands.
  • Credential Guard and LSA Protection: Enable Windows Defender Credential Guard and LSA Protection to prevent credential dumping from LSASS. This would have blunted the attackers’ primary credential theft method.
  • Network Segmentation: Isolate management servers in a dedicated, controlled VLAN. Require jump servers and multi-factor authentication (MFA) for access to the HPE Operations Manager console.
  • Agent Authentication: Ensure that agent-to-manager communication uses mutual TLS with proper certificate validation. Rotate certificates regularly and monitor for unauthorized enrollment requests.
  • Continuous Monitoring: Feed agent logs and performance metrics into a SIEM with behavioral analytics. Look for anomalies such as a sudden surge in script execution, unusual child processes spawned by the agent, or network connections to non-standard destinations.
  • Third-Party Audits: Conduct regular security audits of any MSP or service provider with similar access. Request evidence that they have similar controls in place and that their own environment is segmented and monitored.

The Road Ahead

As long as enterprises rely on powerful management tools to maintain their infrastructure, attackers will seek to turn those tools against their owners. The HPE Operations Manager breach is not a one-off; it is a template for future attacks against IT service providers and the software they use. The line between legitimate administration and malicious activity has become razor thin.

Microsoft's disclosure serves as a call to action for security teams to rethink how they classify and monitor trusted processes. Signature-based whitelisting is insufficient. Behavior-based detections, zero-trust principles, and assuming breach must be applied even to the software that manages our most critical systems. The fact that a tool is signed by a reputable vendor and deployed by a trusted partner does not make it safe—it only makes it an attractive target.

For Windows administrators and security professionals, the lesson is clear: audit your management agents, enforce least privilege, and prepare to detect and respond to misuse of tools you trust. Because the next breach may already be underway, hidden in the very processes you rely on every day.

This article is based on a Microsoft Incident Response disclosure dated May 12, 2026, regarding a third-party breach involving HPE Operations Manager. Additional context and best practices are drawn from general Microsoft security guidance and industry-recognized incident response frameworks.