Vendor
An unknown sophisticated threat actor is leveraging DLL sideloading within the ViPNet update system to deploy a multi-stage malware suite, including HelloInjector, HelloProxy, HelloExecutor, HelloCleaner, and HelloBackdoor, to establish persistence, exfiltrate data, and maintain covert access to large Russian organizations in government, energy, and other critical sectors.