Reuters reports that a computer breach exposed files connected to the Kudankulam N-power facility


The ransomware group World Leaks has published a large cache of files on the dark web that it claims are linked to India’s largest nuclear power plant, including alleged blueprints of parts of the facility and supplier information. The group identified the data as originating from Anil Ambani’s Reliance Group.

The Kudankulam Nuclear Power Plant in Tamil Nadu is the largest among India’s seven nuclear facilities and plays a key role in Prime Minister Narendra Modi’s plans to significantly expand the country’s nuclear energy capacity.

Reliance Group, one of the contractors involved in the project, acknowledged in a statement to Reuters that there had been a "partial breach" involving data stored on a server hosted by third-party data centre provider Yotta. The company said the government had been informed of the incident but did not disclose the nature or extent of the compromised data.

Cybersecurity experts have warned that such a breach could present significant security concerns. Nickolas Roth, Senior Director at the Nuclear Threat Initiative, said the incident could pose a "serious" risk to the plant’s safety. The breach also highlights the growing frequency of cyberattacks in India, where many organisations remain inadequately prepared to counter sophisticated cyber threats.

Reuters reviewed the leaked files, dated between 2016 and mid-2025, but was unable to independently verify their authenticity. The documents reportedly include facility blueprints, supplier information, meeting records, inspection reports, equipment assessments, and insurance documents.

The 19,000 files appear to be the most sensitive portion of a larger collection of approximately 858,000 Reliance-related files uploaded to the World Leaks website.

One of Reliance Group’s subsidiaries, Reliance Infrastructure, secured a contract in 2018 to design and build infrastructure for Units 3 and 4 of the Kudankulam Nuclear Power Plant. Both reactors remain under construction and are expected to become operational by 2027, together generating around 2,000 megawatts of electricity.

World Leaks, a ransomware group previously linked to attacks on companies including Nike and the Tata Group, did not respond to Reuters' requests for comment. The group typically publishes stolen corporate data after victims refuse to pay ransom demands. Its website is accessible only through specialised browsers.

In June, World Leaks told Reuters that it had demanded $1.5 million from the Tata Group for data allegedly containing confidential component designs belonging to Apple and Tesla, claiming it published the files after Tata declined to pay.

SUSPICIOUS SERVER ACTIVITY DETECTED IN MAY

According to a source familiar with the matter, the Nuclear Power Corporation of India (NPCIL), which operates the country’s nuclear power plants, has been coordinating with Reliance regarding the breach. India’s national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), is also investigating the incident.

NPCIL Chairman Rajesh Veeraraghavan, CERT-In, and the government’s principal press office did not respond to repeated requests for comment.

Yotta stated that it detected suspicious activity on May 29 on a server used by Reliance Infrastructure. According to the company, the activity was immediately halted, preventing the suspected ransomware from executing.

However, Yotta said Reliance Infrastructure informed it at the end of June that external threat actors had claimed responsibility for a data breach.

The company added that it had been unable to independently verify the hackers’ claims but had shared the findings of its technical investigation with Reliance Infrastructure and continues to assist with the ongoing inquiry.

India’s Department of Atomic Energy declined to comment, while the Prime Minister’s Office did not respond to Reuters' queries.

LEAKED FILES INCLUDE BLUEPRINTS AND INSURANCE RECORDS

The documents released by World Leaks do not appear to involve the reactors’ core systems, which are supplied by Russia’s state-owned nuclear company Rosatom.

However, the leaked files reportedly include blueprints of ventilation and cooling systems for Units 3 and 4, along with what appears to be the complete floor layout of a common control room.

Other documents allegedly include supplier proposals, approved vendor lists, records of a joint inspection conducted by NPCIL and Reliance in 2024, and photographs of plant equipment.

Among the files is also what appears to be an insurance policy indicating that Reliance Infrastructure and NPCIL would be entitled to compensation of approximately $112 million if either Unit 3 or Unit 4 were damaged in a terrorist attack.

Cybersecurity researchers warn that, if authentic, such documents could enable malicious actors to better understand the plant’s support infrastructure, identify key suppliers, and potentially detect vulnerabilities within its security ecosystem.

According to Nickolas Roth of the Nuclear Threat Initiative, the documents could reveal "not just who has access to the project, but which systems that access extends to."

India recorded the world’s third-highest number of compromised accounts last year, with approximately 28.9 million accounts affected, according to cybersecurity company Surfshark. Only the United States and France reported higher figures.

A report released last year by the Data Security Council of India and cybersecurity firm Seqrite found that among 204 surveyed organisations, 73% were unaware whether they had previously experienced a cyberattack, while 57% lacked adequate cyber hygiene practices.

This is also not the first cybersecurity incident associated with the Kudankulam Nuclear Power Plant. In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network. At the time, the Nuclear Power Corporation of India said the incident was investigated promptly and that the plant’s operational systems remained unaffected.


 

buttons=(Accept !) days=(20)

Our website uses cookies to enhance your experience. Learn More
Accept !