Skip to main content

Ransomware victim disclosure

All victims

Silfab Solar

Claimed by Mnt6 · listed 3 months ago

2m
Age
since listed · data leaked

Status timeline

  1. ListedApr 30, 2026
  2. Data leakeddate unknown

At a glance

Group
Mnt6
Status
Data leaked
Country
Canada
Sector
Energy
Listed on leak site
Apr 30, 2026

About the victim

AI dossier — public-source company profile

Silfab Solar is a leading North American manufacturer of high-efficiency solar panels for residential, commercial, and utility projects, with over 40 years of industry experience and reported revenue of approximately $217.3M. The company operates advanced, fully automated manufacturing facilities in both Canada and the United States, holding ISO 9001:2015 certification across its locations. Its product lines span elite back-contact residential panels to large-scale utility bifacial modules, sold through distributors and installers across North America.

Industry
Solar Panel Manufacturing

Attack summary

Severity: high — The disclosure status is data_published, confirming that exfiltrated business data from a significant North American clean-energy manufacturer operating in critical energy infrastructure has been released publicly, even though specific data categories and volume are not enumerated in the post.

The ransomware group mnt6 claims to have attacked Silfab Solar, with the disclosure status marked as data_published, indicating that exfiltrated data has been released. No specific ransom amount or data volume was stated in the post.

high

What the group claims

Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. [Revenue: $217.3M]

The leak post

captured from the group's site
MNT6 MNT6 Leaks Market Contact us Silfab Solar Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. Revenue: $217.3M McKay McKay is a leading international engineering firm that delivers strategically vital projects across national defense, high-tech shipbuilding, and global energy sectors. The company serves as a key technological partner to the state, implementing innovative automation systems and 'green' solutions for critical infrastructure. Revenue: $135.8M Photonic Loading... Photonic is delivering scalable, distributed, and fault-tolerant quantum computing and networking technologies. With proven silicon spin qubits, and a native telecom networking interface, Photonic will deliver solutions for previously intractable problems –and unlock solutions for tomorrow’s problem sets. Revenue: $32.6M Contact us × Message subject Message Your contact email Send message →

Screenshot of the leak post

Leak screenshot for Silfab Solar

Sources

Source

Indexed 3 months ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About mnt6

Given the limited public documentation available on mnt6, this appears to be a relatively obscure ransomware operation that emerged in April 2026 with only two known victims documented by security researchers. The group has demonstrated a focused targeting approach, conducting attacks against manufacturing and energy sector organizations specifically in Canada and New Zealand. Based on the small victim count and narrow geographic focus, mnt6 appears to operate as a small-scale independent ransomware group rather than a large RaaS operation, though their specific attack methodologies, encryption techniques, and data exfiltration practices have not been extensively documented in public threat intelligence reporting. No major campaigns or high-profile incidents have been attributed to this group, and their relatively recent emergence means there is insufficient public data from established security firms like Mandiant or government agencies like CISA and FBI regarding their operational tactics, techniques, and procedures. As of current reporting, mnt6 appears to remain active but maintains a low profile with minimal public visibility compared to more prominent ransomware families. The group has been linked to 3 public disclosures across our corpus. First observed on a leak site on April 30, 2026; most recent post May 2, 2026. The operation is currently active.

Timeline of this disclosure

  • April 30, 2026Silfab Solar listed by mnt6on the group's public leak site

Other recent disclosures by mnt6

mnt6 has been linked to 3 public victims on Darkfield. A sample of the most recent:

See the full mnt6 dossier →

Sector and geography

This disclosure adds to ransomware activity in the Energy sector, which has 652 disclosures indexed across all operators we track. Geographically, Silfab Solar is reported in Canada, a country with 314 ransomware disclosures in our corpus.

If your organisation is affected

A listing by mnt6 means Silfab Solar appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, CCCS (Canada), as required for your jurisdiction.
  • Monitor for the data appearing on mnt6's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.