Are Threat Groups Belsen and ZeroSevenGroup Related?

Summary: A threat intelligence report from Kela indicates potential links between two cybercrime groups, Belsen and ZeroSevenGroup. Belsen is newly formed and has leaked sensitive data from FortiGate devices, while ZeroSevenGroup is linked to a substantial data breach involving Toyota. The connection between the two groups is largely circumstantial, based on similarities in their posting formats and other stylistic markers.

Affected: FortiGate devices, Toyota (US dealership), and other organizations in various countries

Key points:

  • Belsen emerged in January 2025, leaking 1.6 GB of data from 15,000 FortiGate devices.
  • ZeroSevenGroup, active since July 2024, is linked to a 240 GB data breach from Toyota.
  • Both groups show similarities in posting style and structure, suggesting potential affiliation.
  • Kela suggests both groups may originate from Yemen and share interests in network access sales.
  • While Kela notes circumstantial evidence, no definitive connection is confirmed.

Source: https://www.securityweek.com/are-threat-groups-belsen-and-zerosevengroup-related/