diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 743cf793e..c12be142d 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -70,11 +70,6 @@ class HadoopExploiter(WebRCE):
                 self.exploit_result.exploitation_success = True
                 self.exploit_result.propagation_success = True
 
-                self._publish_exploitation_event(
-                    target=self.host.ip_addr,
-                    exploitation_success=True,
-                    tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
-                )
                 self._publish_propagation_event(
                     target=self.host.ip_addr,
                     propagation_success=True,
@@ -120,7 +115,15 @@ class HadoopExploiter(WebRCE):
         resp = requests.post(
             posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT
         )
-        return resp.status_code == 202
+
+        success = resp.status_code == 202
+        if success:
+            self._publish_exploitation_event(
+                target=self.host.ip_addr,
+                exploitation_success=True,
+                tags=(HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+            )
+        return success
 
     def check_if_exploitable(self, url):
         try: