Cyber Incident Victim: Anadarko Petroleum Corporation

Date: Apr 2020

Location: Algeria

Summary

Anadarko Petroleum Corporation subsidiary Berkine was compromised by the Maze ransomware group, resulting in theft and public leakage of over 500MB of sensitive data including financial records, strategic plans, production metrics, and employee personal information. The attackers employed double-extortion tactics, exfiltrating confidential documents prior to encryption and threatening further releases to coerce payment, with some stolen materials already disseminated online for potential phishing campaigns.

Description

On April 1, 2020, the Maze ransomware group executed a cyberattack against Berkine, resulting in the theft of over 500MB of confidential corporate data. The attackers exfiltrated databases containing sensitive operational and financial documents, including detailed budgets, organizational strategies for 2020, production quantity records, and cost-per-barrel calculations. Employee records were also compromised, encompassing contact information and travel documents. Maze employed its characteristic double-extortion tactic, encrypting systems while simultaneously threatening to release stolen data unless ransom demands were met. The group followed through on its threat by leaking portions of the data publicly, specifically targeting information related to Berkine's ownership structure and financial operations.

The leaked documents included investment plans, mission budgets for Berkine's parent companies, and strategic objectives for the fiscal year. Security researchers at Under the Breach confirmed the authenticity of the published materials, which appeared on hacker forums accessible to malicious actors. This incident aligned with Maze's established pattern of escalating pressure tactics, as previously documented by the French National Agency for Security of Information Systems (ANSSI) following Maze's January 2020 attack on a Bouygues subsidiary. The group maintained an active leak site where they periodically released additional stolen data to incentivize payment from victims. The exposure of employee personally identifiable information and proprietary business metrics created significant operational and reputational risks for the organization, though specific containment measures or incident response actions by the victim were not disclosed in available reporting.
