Select Language:
World Leaks, a known ransomware group, has uploaded a vast collection of files on the dark web related to India’s largest nuclear power plant, including what appear to be blueprints and supplier information—claimed to originate from Reliance Group.
Located in Tamil Nadu, the Kudankulam Nuclear Power Plant is the biggest of India’s seven nuclear facilities and a key element in Prime Minister Narendra Modi’s initiative to boost national nuclear energy production.
Reliance Group, a contractor involved with the plant, informed Reuters that there was a “partial breach” of data stored on a third-party Indian data center provider Yotta’s server, and that authorities had been notified. The firm declined to specify what data was compromised.
Nickolas Roth, senior director at the Nuclear Threat Initiative—an organization that advises governments on nuclear security—warned that this could pose a “serious” threat to the plant’s safety. The breach highlights the increasing frequency of cyberattacks in India, where many companies are poorly prepared for such threats.
The leaked documents, reviewed by Reuters, span from 2016 to mid-2025, although their authenticity couldn’t be verified. They include blueprints, supplier listings, meeting records, inspection reports, equipment evaluations, and insurance policies. Of the 858,000 files associated with Reliance on the World Leaks website, about 19,000 appear to be the most sensitive.
One Reliance subsidiary, Reliance Infrastructure, secured a 2018 contract to design and construct infrastructure for Units 3 and 4 of the plant, which are expected to operate by 2027 and will together provide 2,000 megawatts of power.
The group behind the leak, World Leaks, has previously targeted companies like Nike and India’s Tata Group. It did not respond to Reuters questions about the Reliance breach. Typically, the group posts stolen corporate data online when companies refuse to pay ransom demands. Its website is accessible only via specialized browsers.
In June, World Leaks claimed to have demanded $1.5 million to return Tata Group files containing confidential designs for Apple and Tesla, which they released after Tata apparently ignored the ransom.
The Nuclear Power Corporation of India, responsible for operating the country’s nuclear plants, has engaged with Reliance about the breach. India’s main cybersecurity agency, CERT-In, is investigating, though officials declined to comment publicly. Reliance stated that suspicious activity was detected on May 29 on one of its servers and that action was taken immediately to stop the suspected ransomware attack. By the end of June, the company was informed of claims by external threat actors regarding a data breach. Yotta indicated it could not verify these claims but supported ongoing investigations.
The posted documents do not seem to involve the reactors’ core systems, which are supplied by Russia’s Rosatom. They do include blueprints for ventilation, cooling systems, and the layout of a “common control room.” Some files appear to be vendor proposals, lists of approved suppliers, and records of inspections and meetings, including a 2024 joint review with photos of equipment.
Additionally, one document suggests Reliance Infrastructure and the Nuclear Power Corporation held an insurance policy valued at $112 million, covering acts of terrorism in Units 3 or 4. Experts caution that if misused, these files could help adversaries map support systems, identify suppliers, or locate security vulnerabilities—potentially exposing how access to different parts of the plant is granted.
India ranks third globally for data breaches, with 28.9 million accounts compromised last year, trailing only the U.S. and France, according to cybersecurity firm Surfshark. A report by the Data Security Council of India and Seqrite found that 73% of surveyed organizations were unsure if they had ever been attacked, and 57% lacked basic cyber hygiene practices.
This isn’t the first time Kudankulam has faced cyber issues; in 2019, malware linked to North Korean hackers was discovered on its administrative network, though plant operations remained unaffected.





