Cyber Incident Victim: Berkine
Date: Apr 2020
Location: Algeria
Summary
A ransomware attack by the Maze group compromised an oil company, exfiltrating over 500MB of sensitive data including financial records, strategic plans, employee details, and travel documents. The attackers leaked portions of the stolen information online, employing tactics to coerce payment by threatening further releases and leveraging the data for phishing campaigns.
Description
On April 1, 2020, the Maze ransomware group executed a cyberattack against Berkine, an oil industry entity, resulting in the theft and subsequent public leakage of over 500MB of sensitive corporate data. The attackers exfiltrated confidential documents containing budgets, organizational strategies for 2020, production quantity details, and the cost price per barrel for the Berkine group. The compromised database also included investment plans, mission budgets allocated to Berkine’s owners, employee contact lists, and travel documents belonging to staff members. Maze employed its characteristic double-extortion tactic, threatening to release stolen data unless ransom demands were met. When Berkine did not comply promptly, the group published portions of the data online, specifically referencing information tied to the Sonatrach oil firm. The leaked materials revealed strategic financial operations and internal objectives, exposing proprietary business intelligence.

The incident demonstrated Maze’s escalating operational sophistication, as noted by the French National Agency for Security of Information Systems (ANSSI), which had previously investigated the group following its January 2020 attack on a Bouygues subsidiary. ANSSI confirmed Maze’s practice of exfiltrating data prior to encryption to intensify pressure on victims. Public disclosure of Berkine’s internal documents provided threat actors with phishing material, amplifying secondary risks to employees and partners. The breach compromised corporate confidentiality, operational security, and employee privacy through the exposure of personally identifiable information. No details regarding Berkine’s containment measures or technical response were disclosed in available reporting.
