Threat actors can disable OS security mechanisms such as BitLocker, Hypervisor-Protected Code Integrity and Windows Defender on fully up-to-date Windows 11 systems. The researchers say the malware does not proceed if the victim’s device is located in Romania, Russia, Ukraine, Belarus, Armenia or Kazakhstan, indicating it may have originated from Russia or the Baltic region.