Summary: KELA investigates a potential connection between two cybercriminal groups, the Belsen Group and ZeroSevenGroup, both linked to Yemen. The Belsen Group emerged in early 2025 by leaking sensitive Fortinet data and selling network access, while ZeroSevenGroup has been active since mid-2024, focusing on stealing and selling data. Similarities in their writing styles and post formats suggest possible collaboration or shared resources.

Affected: Belsen Group, ZeroSevenGroup, targeted businesses

Keypoints :

• The Belsen Group appeared in January 2025, leaking data from Fortinet devices and expanding to network access sales.
• ZeroSevenGroup has been active since July 2024, known for breaching companies and leaking vast amounts of data.
• Both groups exhibit similarities in post formatting, writing style, and are believed to originate from Yemen, suggesting a possible connection.