Skip to main content

Ransomware victim disclosure

All victims

McKay

Claimed by Mnt6 · listed 3 months ago

2m
Age
since listed · data leaked

Status timeline

  1. ListedApr 30, 2026
  2. Data leakeddate unknown

At a glance

Group
Mnt6
Status
Data leaked
Listed on leak site
Apr 30, 2026

About the victim

AI dossier — public-source company profile

McKay is a New Zealand-based electrical engineering and electrotechnology firm founded in Dargaville, Northland in 1936, headquartered in Whangārei for the past 60 years. The company operates 11 branches with 100% nationwide coverage, delivering electrical design, pre-construction, construction, and maintenance services across industrial, infrastructure, construction, renewables, and marine sectors. McKay is also expanding into the South Pacific and the United States, with a reported revenue of approximately $135.8M.

Industry
Electrical Engineering & Electrotechnology Services
Address
Whangārei, Northland, New Zealand (headquarters; 11 branches nationwide)
Founded
1936

Attack summary

Severity: high — Data has been published by the threat actor ('data_published'), indicating confirmed exfiltration rather than a mere listing. The group's claims of involvement in national defence and critical infrastructure elevate the potential sensitivity of exposed data, and the company's scale (~$135.8M revenue, national footprint) suggests significant business data is at stake.

The group mnt6 claims to have attacked McKay and published data ('data_published' status), asserting the company is involved in national defence, high-tech shipbuilding, and global energy sectors. No specific data volume or ransom demand has been stated, but the disclosed status indicates data has been released.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • Company business data
  • Engineering project files
  • Defence-related project documentation (claimed)
  • Energy sector project documentation (claimed)

What the group claims

McKay is a leading international engineering firm that delivers strategically vital projects across national defense, high-tech shipbuilding, and global energy sectors. The company serves as a key technological partner to the state, implementing innovative automation systems and 'green' solutions for critical infrastructure. [Revenue: $135.8M]

The leak post

captured from the group's site
MNT6 MNT6 Leaks Market Contact us Silfab Solar Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. Revenue: $217.3M McKay McKay is a leading international engineering firm that delivers strategically vital projects across national defense, high-tech shipbuilding, and global energy sectors. The company serves as a key technological partner to the state, implementing innovative automation systems and 'green' solutions for critical infrastructure. Revenue: $135.8M Photonic Loading... Photonic is delivering scalable, distributed, and fault-tolerant quantum computing and networking technologies. With proven silicon spin qubits, and a native telecom networking interface, Photonic will deliver solutions for previously intractable problems –and unlock solutions for tomorrow’s problem sets. Revenue: $32.6M Contact us × Message subject Message Your contact email Send message →

Screenshot of the leak post

Leak screenshot for McKay

Sources

Source

Indexed 3 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About mnt6

Given the limited public documentation available on mnt6, this appears to be a relatively obscure ransomware operation that emerged in April 2026 with only two known victims documented by security researchers. The group has demonstrated a focused targeting approach, conducting attacks against manufacturing and energy sector organizations specifically in Canada and New Zealand. Based on the small victim count and narrow geographic focus, mnt6 appears to operate as a small-scale independent ransomware group rather than a large RaaS operation, though their specific attack methodologies, encryption techniques, and data exfiltration practices have not been extensively documented in public threat intelligence reporting. No major campaigns or high-profile incidents have been attributed to this group, and their relatively recent emergence means there is insufficient public data from established security firms like Mandiant or government agencies like CISA and FBI regarding their operational tactics, techniques, and procedures. As of current reporting, mnt6 appears to remain active but maintains a low profile with minimal public visibility compared to more prominent ransomware families. The group has been linked to 3 public disclosures across our corpus. First observed on a leak site on April 30, 2026; most recent post May 2, 2026. The operation is currently active.

Timeline of this disclosure

  • April 30, 2026McKay listed by mnt6on the group's public leak site

Other recent disclosures by mnt6

mnt6 has been linked to 3 public victims on Darkfield. A sample of the most recent:

See the full mnt6 dossier →

Sector and geography

This disclosure adds to ransomware activity in the Manufacturing sector, which has 3,681 disclosures indexed across all operators we track. Geographically, McKay is reported in New Zealand, a country with 11 ransomware disclosures in our corpus.

If your organisation is affected

A listing by mnt6 means McKay appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, CERT NZ (New Zealand), as required for your jurisdiction.
  • Monitor for the data appearing on mnt6's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.