HackerFeeds
All ransomware incidents
momenta.cn

Ransomware group dragonforce hits momenta.cn

MEDIUM
·Technology·CN·2026-07-14

momenta.cn — a technology target operating in CN has been listed by the dragonforce ransomware group on 2026-07-14. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target Organizationmomenta.cn
Threat Group
dragonforce
SummaryMomenta is an AI and autonomous-driving company. All source code, financial documents, configuration files, employee database, and more were stolen. Servers and workstations were encrypted. Momenta is trying to hide everything from Chinese regulators, the HKEX commission, and investors while reporting a $751M profit from its recent IPO. With a $9B+ market capitalization, this amounts to one of the largest financial frauds in Chinese history.
Date of Breach2026-07-14
Discovery Date2026-07-14
RegionCN
Target Domainmomenta.cn
Business SectorTechnology
Severity
MEDIUM

Claim by dragonforce

Momenta is an AI and autonomous-driving company. All source code, financial documents, configuration files, employee database, and more were stolen. Servers and workstations were encrypted. Momenta is trying to hide everything from Chinese regulators, the HKEX commission, and investors while reporting a $751M profit from its recent IPO. With a $9B+ market capitalization, this amounts to one of the largest financial frauds in Chinese history.

Posted by the dragonforce threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

momenta.cn

Leak post (onion / Tor)

tor

http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=3880d2b3-a7c4-473b-9407-bc9147cd9b63

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.