Belsen Group
Description
aka Belesn Group.
Belsen Group emerged in January 2025 as a data broker and leak-focused threat actor that does not engage in ransomware encryption. Their first major action involved publishing sensitive configuration files, VPN credentials, and IP addresses for over 15,000 Fortinet FortiGate firewalls, data likely stolen through exploitation of CVE-2022-40684. The group began by sharing the data freely to establish credibility, then shifted to monetized access, offering to sell network access to high-value targets such as major banks and an East African airline. Their activities place them firmly in initial access brokerage, targeting confidential infrastructure details for sale.
External Analysis (6)
| External Analysis |
|---|
| https://outpost24.com/blog/belsen-group-threat-group/ |
| https://fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-data-posting |
| https://rapid7.com/blog/post/2025/01/16/etr-fortinet-firewalls-hit-with-new-zero-day-attack-older-data-leak |
| https://watchguard.com/wgrd-security-hub/ransomware-tracker/belsen-group |
| https://kela.com/blog/could-the-belsen-group-be-associated-with-zerosevengroup/ |
| https://securityweek.com/are-threat-groups-belsen-and-zerosevengroup-related/ |
Jabber (2)
| Jabber |
|---|
| belsengroup@xmpp.jp |
| belsen@xmpp.com |
Tox (1)
| Tox |
|---|
| 53AF3716F2A331F47E247B3B4AC9EA4B8602D98D05600F5B898419CB3312CD1E42002D1A569E |
Other (2)
| Other |
|---|
| BreachForums:@Belsen_Group |
| Twitter:@BelsenGroup |
Urls (1)
Posts (11)
| Title | Description |
|---|---|
| Building Materials Company | Revenue: $300 Million |
| Manufacturing Company in North Africa (Sold out) | Revenue: $6 Billion; Assets Value: $100 - $200 Billion; Industry: Energy, Electrical, and Electronics Manufacturing, Telecommunication Equipment, Electrical Distribution, Cables, Accessories and more. |
| FortiGate (New) | FortiGate 1,000 Targets (Configs+VPN Passwords) |
| FortiGate | FortiGate 15K+ Targets (Configs+VPN Passwords) |
| Architecture, Engineering & Design Company in Japan | Revenue: $700 Million; 2025-02-10; Japan; $10K (Negotiable) |
| Cosmetics, Beauty Supply & Personal Care Products In United States | Revenue: $500 Million; Hosts: +5K; 2025-02-10; USA; $10K (Negotiable) |
| Manufacturing Company in North Africa (Sold out) | Revenue: $6 Billion; Assets Value: $100 - $200 Billion; Industry: Energy, Electrical, and Electronics Manufacturing, Telecommunication Equipment, Electrical Distribution, Cables, Accessories and more; 2025-02-10; North Africa; $20K (Negotiable) |
| Airways in East Africa | Revenue: $2 Billion; Assets Value: $40 - $100 Billion; 2025-02-09; East Africa; $15K (Negotiable) |
| Bank in East Asia | Revenue: $2 Billion; Assets Value: $350 - $400 Billion; 2025-02-03; East Asia; $15K (Negotiable) |
| FortiGate 1,000 Targets (Configs+VPN Passwords) | Global/All The world 103 MB. 500$ |
| FortiGate 15K+ Targets (Configs+VPN Passwords) | |