A ransomware group has released sensitive documents on the dark web, claiming they are connected to India’s largest nuclear power facility, the Kudankulam Nuclear Power Plant. The leaked files reportedly include blueprints of the plant and supplier information, attributed to Reliance Group, a contractor involved in the project.
Situated in Tamil Nadu, Kudankulam is the biggest among India’s seven nuclear plants and plays a crucial role in Prime Minister Narendra Modi’s strategy to expand the nation’s atomic energy capacity. Reliance Group, owned by businessman Anil Ambani, acknowledged a “partial breach” of its data hosted on a server managed by the Indian data center provider Yotta. The company confirmed that authorities have been notified but did not specify the nature of the compromised data.
Experts warn that such a breach could pose significant safety risks to the plant. Nickolas Roth, senior director at the Nuclear Threat Initiative, highlighted the growing frequency of cyberattacks in India, where many organizations remain inadequately prepared to counter such threats.
The leaked documents, dated from 2016 to mid-2025, include blueprints, supplier details, meeting and inspection records, equipment reviews, and insurance policies. Although the authenticity of these files could not be independently verified, they represent the most sensitive portion of approximately 858,000 files from Reliance posted on the World Leaks website.
Reliance Infrastructure, a subsidiary of the conglomerate, secured a contract in 2018 to design and construct infrastructure for Units 3 and 4 of the plant. These units, currently under construction, are expected to be operational by 2027 and will collectively add 2,000 megawatts of capacity.
World Leaks, known for targeting major corporations such as Nike and Tata Group, did not respond to inquiries regarding the Reliance breach. The group typically publishes stolen data after ransom demands go unmet. Their website is accessible only via specialized browsers. In a related incident in June, World Leaks demanded $1.5 million from Tata Group for files containing confidential designs for clients including Apple and Tesla, releasing the data after the demand was ignored.
Suspicious activity was detected on May 29 on a server hosted by Yotta for Reliance Infrastructure. The activity was promptly halted, and ransomware execution was prevented. However, Reliance Infrastructure reported the breach claims at the end of June. Yotta has shared its technical findings with Reliance and is supporting ongoing investigations but has not confirmed the threat actor’s claims.
The Nuclear Power Corporation of India, responsible for commissioning and operating the country’s nuclear plants, is coordinating with Reliance on the matter. India’s primary cybersecurity agency, CERT-In, is also investigating the incident. Requests for comments from Nuclear Power Corporation Chairman Rajesh Veeraraghavan, CERT-In, and government offices went unanswered.
The leaked documents do not appear to include core reactor systems supplied by Russia’s Rosatom. However, they contain blueprints for ventilation and cooling systems of Units 3 and 4, floor plans of a “common control room,” vendor proposals, approved supplier lists, and records of a 2024 joint inspection meeting with photographs of equipment.
One document suggests that Reliance Infrastructure and the Nuclear Power Corporation hold an insurance policy worth $112 million, covering potential terrorist acts affecting Units 3 or 4. Experts warn that such information could be exploited to map the plant’s support systems, identify suppliers, and reveal security vulnerabilities. Roth emphasized that the files could expose not only personnel access but also the extent of their system reach.
India ranks third globally in data breaches, with 28.9 million compromised accounts last year, trailing only the United States and France. A report by the Data Security Council of India and cybersecurity firm Seqrite found that 73% of surveyed organizations were unaware if they had been attacked, and 57% lacked proper cyber hygiene practices.
This is the second cyber incident linked to the Kudankulam plant. In 2019, malware associated with a North Korean hacker group was detected on the plant’s administrative network. At that time, the Nuclear Power Corporation stated that the issue was promptly investigated and that plant operations were unaffected.