Video

Threat Briefing: EV Certificates

In this episode, Lucie and Fabien break down findings from the leaked Black Basta chat logs showing how the group systematically abused Extended Validation (EV) certificates to sign malware and evade detection. From buying stolen certs on underground forums to remotely accessing YubiKeys over RDP, the operation reveals a high level of coordination—and a serious blind spot in trust-based security models.

We walk through:

  • What EV certificates are and why they matter
  • How attackers obtained and used them
  • Real examples from the leaked conversations
  • The exact signing process (including tooling and commands)
  • Why traditional defenses often miss this
  • How the Vectra AI Platform detects the behavior behind the certificate