Skip to main content

Ransomware victim disclosure

All victims

Photonic

Claimed by Mnt6 · listed 2 months ago

2m
Age
since listed · data leaked

Status timeline

  1. ListedMay 2, 2026
  2. Data leakeddate unknown

At a glance

Group
Mnt6
Status
Data leaked
Country
Canada
Listed on leak site
May 2, 2026

About the victim

AI dossier — public-source company profile

Photonic is a Canadian technology company developing scalable, distributed, and fault-tolerant quantum computing and networking technologies. The company's platform is based on silicon spin qubits with a native telecom networking interface, targeting solutions for complex computational problems. Photonic has reported revenue of approximately $32.6M.

Industry
Quantum Computing & Networking Technology

Attack summary

Severity: critical — Photonic operates in a strategically sensitive quantum computing and networking sector with national security implications; confirmed data publication by the threat actor from a deep-tech company working on technologies relevant to defence and critical infrastructure elevates this to critical severity.

The group mnt6 claims to have exfiltrated data from Photonic and has published the data ('data_published' status), though the specific volume and nature of files exfiltrated are not detailed in the post.

critical

Data the group says was taken

AI dossier — extracted from the leak post
  • Proprietary quantum computing technology data
  • Internal business documents

What the group claims

Photonic is delivering scalable, distributed, and fault-tolerant quantum computing and networking technologies. With proven silicon spin qubits, and a native telecom networking interface, Photonic will deliver solutions for previously intractable problems –and unlock solutions for tomorrow’s problem sets. [Revenue: $32.6M]

The leak post

captured from the group's site
MNT6 MNT6 Leaks Market Contact us Silfab Solar Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. Revenue: $217.3M McKay McKay is a leading international engineering firm that delivers strategically vital projects across national defense, high-tech shipbuilding, and global energy sectors. The company serves as a key technological partner to the state, implementing innovative automation systems and 'green' solutions for critical infrastructure. Revenue: $135.8M Photonic Loading... Photonic is delivering scalable, distributed, and fault-tolerant quantum computing and networking technologies. With proven silicon spin qubits, and a native telecom networking interface, Photonic will deliver solutions for previously intractable problems –and unlock solutions for tomorrow’s problem sets. Revenue: $32.6M Contact us × Message subject Message Your contact email Send message →

Screenshot of the leak post

Leak screenshot for Photonic

Sources

Source

Indexed 2 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About mnt6

Given the limited public documentation available on mnt6, this appears to be a relatively obscure ransomware operation that emerged in April 2026 with only two known victims documented by security researchers. The group has demonstrated a focused targeting approach, conducting attacks against manufacturing and energy sector organizations specifically in Canada and New Zealand. Based on the small victim count and narrow geographic focus, mnt6 appears to operate as a small-scale independent ransomware group rather than a large RaaS operation, though their specific attack methodologies, encryption techniques, and data exfiltration practices have not been extensively documented in public threat intelligence reporting. No major campaigns or high-profile incidents have been attributed to this group, and their relatively recent emergence means there is insufficient public data from established security firms like Mandiant or government agencies like CISA and FBI regarding their operational tactics, techniques, and procedures. As of current reporting, mnt6 appears to remain active but maintains a low profile with minimal public visibility compared to more prominent ransomware families. The group has been linked to 3 public disclosures across our corpus. First observed on a leak site on April 30, 2026; most recent post May 2, 2026. The operation is currently active.

Timeline of this disclosure

  • May 2, 2026Photonic listed by mnt6on the group's public leak site

Other recent disclosures by mnt6

mnt6 has been linked to 3 public victims on Darkfield. A sample of the most recent:

See the full mnt6 dossier →

Sector and geography

This disclosure adds to ransomware activity in the Technology sector, which has 3,549 disclosures indexed across all operators we track. Geographically, Photonic is reported in Canada, a country with 1,055 ransomware disclosures in our corpus.

If your organisation is affected

A listing by mnt6 means Photonic appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, CCCS (Canada), as required for your jurisdiction.
  • Monitor for the data appearing on mnt6's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.