Massive cyberattack leaks thousands of files from India's largest nuclear plant on dark web
Summarized and contextualized by DistantNews.
At a glance
- Ransomware group World Leaks claims to have leaked thousands of files from India's Kudankulam Nuclear Power Plant on the dark web.
- The leaked data reportedly includes blueprints and supplier details, raising serious safety concerns for the plant.
- Reliance Group, a contractor for the plant, confirmed a partial data breach on a third-party server and has informed the government.
India's largest nuclear power plant, the Kudankulam Nuclear Power Plant, is reportedly the target of a massive cyberattack, with ransomware group World Leaks claiming to have posted thousands of sensitive files on the dark web. The leaked data allegedly includes blueprints of plant facilities and supplier information, raising significant security and safety alarms.
The Kudankulam plant, located in Tamil Nadu, is a cornerstone of Prime Minister Narendra Modi's strategy to expand India's nuclear energy capacity. Reliance Group, a contractor involved in building units 3 and 4, confirmed a "partial breach" of its data. The breach occurred on a server hosted by a third-party Indian data center service provider, Yotta. Reliance has notified the government about the incident, though they have not specified the exact nature of the compromised data.
Cybersecurity experts warn of serious risks. Nickolas Roth of the Nuclear Threat Initiative stated the breach could pose a "serious" risk to the plant's safety. The incident also highlights a growing trend of cyber threats in India, where many companies are reportedly ill-equipped to handle such attacks. Independent cybersecurity researcher Rakesh Krishnan alerted Reuters to the leak, noting that nearly 19,000 files totaling 14.3 gigabytes, searchable under the acronym "KKNP," have been online since June 11.
partial breach
Reuters reviewed some of the documents, dated between 2016 and mid-2025, but could not independently verify their authenticity. The files purportedly include meeting and inspection records, equipment reviews, and insurance policies, in addition to blueprints and supplier details. These 19,000 files appear to be the most sensitive among a larger cache of 858,000 Reliance files on the World Leaks website. Reliance Infrastructure holds a contract awarded in 2018 for infrastructure work on Units 3 and 4, which are expected to become operational by 2027.
World Leaks is a known ransomware group with a history of targeting major entities, including Nike and India's Tata Group. In a previous incident involving Tata Group files, which allegedly contained confidential designs for clients like Apple and Tesla, the group demanded $1.5 million and posted the data after their demand was reportedly ignored. Authorities reportedly noticed suspicious activity on servers in May, preceding the public leak.
serious
Originally published by Jerusalem Post. Summarized and contextualized by our editorial team with added local perspective. Read our editorial standards.