{ "id": "8d55edc0-3668-4886-8fa9-44dfd761abdd", "created_at": "2026-04-06T00:18:18.749104Z", "updated_at": "2026-04-10T13:12:57.926141Z", "deleted_at": null, "sha1_hash": "79ca2d3764e09b96163995e4a76deb449b898d55", "title": "MAZE Relaunches \"Name and Shame\" Website", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 35199, "plain_text": "MAZE Relaunches \"Name and Shame\" Website\r\nBy Sarah Coble\r\nPublished: 2020-01-10 · Archived: 2026-04-05 19:48:22 UTC\r\nA threat group has once again taken to the internet to publish data stolen from alleged victims who refuse to\r\ncooperate with its ransom demands. \r\nIn December 2019, the MAZE ransomware group published online a portion of the 120 GB of data they claimed\r\nto have stolen from Southwire, North America’s most prominent wire and cable manufacturer, after the company\r\nrefused to pay a $6m ransom. \r\nThe data was published on the http(colon)//mazenews(dot)top/ site, which was hosted at an ISP in Ireland.\r\nSouthwire subsequently filed a lawsuit in the Northern District of Georgia, USA, on December 31 against the\r\nMAZE operators and won their case, and the site was taken down. \r\nBut yesterday at around 5 p.m. ET the “mazenews” website was back up online, this time hosted out of Singapore\r\nvia Alibaba. \r\nUsing an ominous black backdrop and bright red text, the website lists the companies that have allegedly been\r\ncompromised. In some instances, the total amount of data that has been exfiltrated is also displayed. \r\nOn the site, MAZE states: \"Represented here companies do not wish to cooperate with us, and trying to hide our\r\nsuccessful attack on their resources. Wait for their databases and private papers here. Follow the news!\"\r\nCompanies listed so far are Southwire, RBC, THEONE, Vernay, Bakerwotring, BILTON, greccoauto, Groupe\r\nIgrec, Mitch Co International, Einhell, CONTINENTALNH3, Groupe Europe Handling SAS, Auteuil Tour Eiffel,\r\nFratelli Beretta, Randalegal, crossroadsnet, SAXBST, American tax advisory firm BST \u0026 Co, and laboratory\r\ntesting facility MDL. The Florida city of Pensacola is also listed.  \r\nDownloadable files, presented as proof that a compromise has taken place, are available for Einhell, Fratelli\r\nBeretta, Crossroadsnet, MDL, BST \u0026 Co, SAXBST, Auteuil Tour Eiffel, and Southwire. Under the \"proofs\"\r\ncategory for the other companies, MAZE has written only \"coming soon.\" \r\nThe ransomware group claims to have exfiltrated 3 GB of data from Fratelli Beretta, and 25 GB of data each from\r\nSAXBST and BST \u0026 Co. MAZE further claims that 10% of the 120 GB it allegedly stole from Southwire is\r\n\"available for downloading.\" \r\nFor some unstated reason, the threat group showed mercy on alleged victim Pensacola. \r\n\"We are going to make a gift to City of Pensacola: we will not publish leaked private data, but we publish the list\r\nof leak data and hosts to proof, that we did it, we really hacked City of Pensacola,\" wrote MAZE.\r\nhttps://www.infosecurity-magazine.com/news/maze-relaunches-name-and-shame/\r\nPage 1 of 2\n\nThe city's operational departments that MAZE claims to have compromised include the treasury, finance, risk\r\nmanagement, executive, legal, housing, and human resources departments.\r\nSource: https://www.infosecurity-magazine.com/news/maze-relaunches-name-and-shame/\r\nhttps://www.infosecurity-magazine.com/news/maze-relaunches-name-and-shame/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.infosecurity-magazine.com/news/maze-relaunches-name-and-shame/" ], "report_names": [ "maze-relaunches-name-and-shame" ], "threat_actors": [ { "id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31", "created_at": "2023-01-06T13:46:38.376868Z", "updated_at": "2026-04-10T02:00:02.949077Z", "deleted_at": null, "main_name": "Cleaver", "aliases": [ "G0003", "Operation Cleaver", "Op Cleaver", "Tarh Andishan", "Alibaba", "TG-2889", "Cobalt Gypsy" ], "source_name": "MISPGALAXY:Cleaver", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434698, "ts_updated_at": 1775826777, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/79ca2d3764e09b96163995e4a76deb449b898d55.pdf", "text": "https://archive.orkl.eu/79ca2d3764e09b96163995e4a76deb449b898d55.txt", "img": "https://archive.orkl.eu/79ca2d3764e09b96163995e4a76deb449b898d55.jpg" } }