Disclosure context

About mnt6

Given the limited public documentation available on mnt6, this appears to be a relatively obscure ransomware operation that emerged in April 2026 with only two known victims documented by security researchers. The group has demonstrated a focused targeting approach, conducting attacks against manufacturing and energy sector organizations specifically in Canada and New Zealand. Based on the small victim count and narrow geographic focus, mnt6 appears to operate as a small-scale independent ransomware group rather than a large RaaS operation, though their specific attack methodologies, encryption techniques, and data exfiltration practices have not been extensively documented in public threat intelligence reporting. No major campaigns or high-profile incidents have been attributed to this group, and their relatively recent emergence means there is insufficient public data from established security firms like Mandiant or government agencies like CISA and FBI regarding their operational tactics, techniques, and procedures. As of current reporting, mnt6 appears to remain active but maintains a low profile with minimal public visibility compared to more prominent ransomware families. The group has been linked to 3 public disclosures across our corpus. First observed on a leak site on April 30, 2026; most recent post May 2, 2026. The operation is currently active.

Timeline of this disclosure

April 30, 2026Silfab Solar listed by mnt6on the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Energy sector, which has 374 disclosures indexed across all operators we track. Geographically, Silfab Solar is reported in CA, a country with 278 ransomware disclosures in our corpus.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.

Ransomware victim disclosure

← All victims

Silfab Solar

Claimed by mnt6 · listed 20 days ago

20d

Age

since listed · data leaked

Status timeline

Listed
Apr 30, 2026
Data leaked

At a glance

Group: mnt6
Status: Data leaked
Country: CA
Sector: Energy
Listed on leak site: Apr 30, 2026

About the victim

AI dossier — public-source company profile

Silfab Solar is a leading North American manufacturer of high-efficiency solar panels for residential, commercial, and utility projects, with over 40 years of industry experience and reported revenue of approximately $217.3M. The company operates advanced, fully automated manufacturing facilities in both Canada and the United States, holding ISO 9001:2015 certification across its locations. Its product lines span elite back-contact residential panels to large-scale utility bifacial modules, sold through distributors and installers across North America.

Industry: Solar Panel Manufacturing

Attack summary

Severity: high — The disclosure status is data_published, confirming that exfiltrated business data from a significant North American clean-energy manufacturer operating in critical energy infrastructure has been released publicly, even though specific data categories and volume are not enumerated in the post.

The ransomware group mnt6 claims to have attacked Silfab Solar, with the disclosure status marked as data_published, indicating that exfiltrated data has been released. No specific ransom amount or data volume was stated in the post.

high

What the group claims

Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. [Revenue: $217.3M]

The leak post

captured from the group's site

MNT6 MNT6 Leaks Market Contact us Silfab Solar Silfab Solar is a leading North American manufacturer of high-efficiency, premium-quality solar panels for residential, commercial, and utility projects. With over 40 years of industry experience, the company operates advanced manufacturing facilities in Canada and the United States, focusing on producing durable, reliable solar modules. Revenue: $217.3M McKay McKay is a leading international engineering firm that delivers strategically vital projects across national defense, high-tech shipbuilding, and global energy sectors. The company serves as a key technological partner to the state, implementing innovative automation systems and &#x27;green&#x27; solutions for critical infrastructure. Revenue: $135.8M Photonic Loading... Photonic is delivering scalable, distributed, and fault-tolerant quantum computing and networking technologies. With proven silicon spin qubits, and a native telecom networking interface, Photonic will deliver solutions for previously intractable problems –and unlock solutions for tomorrow’s problem sets. Revenue: $32.6M Contact us &times; Message subject Message Your contact email Send message &rarr;

Screenshot of the leak post

Sources

Victim sitesilfabsolar.com
Leak posthttp://ttvbuilv5mf2wggfjgmvin22ndzghpukhsyy6coz3p4wt5nqnxah7tyd.onion/post/7/

Source

Indexed 20 days ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.