Profit

Ransomware group publishes files linked to India’s largest nuclear plant

Reliance Group confirms a partial data breach as experts warn that leaked blueprints, supplier records and control-room layouts could expose security weaknesses

Reuters

Reuters

July 17, 2026

3 min read
Ransomware group publishes files linked to India’s largest nuclear plant

BENGALURU: A ransomware group has published nearly 19,000 files linked to India’s largest nuclear power plant, including alleged facility blueprints, supplier records and inspection documents associated with Reliance Group.

The files relate to the Kudankulam Nuclear Power Plant in Tamil Nadu, which is central to Prime Minister Narendra Modi’s plans to expand India’s nuclear energy capacity.

Indian businessman Anil Ambani’s Reliance Group, a contractor at the plant, confirmed that there had been a “partial breach” of data stored on a server operated by third-party data centre provider Yotta. The group did not specify which records were compromised but said the government had been informed.

Cybersecurity researcher Rakesh Krishnan said almost 19,000 files totalling 14.3 gigabytes appeared under the search term “KKNP”, an abbreviation for the plant, on the dark-web site of ransomware group World Leaks. The files have reportedly been available since June 11 and form part of a wider cache of 858,000 Reliance documents.

The records, dated between 2016 and mid-2025, purportedly include meeting minutes, inspection reports, equipment assessments, insurance documents and blueprints.

They do not appear to cover the reactors’ core systems, which were supplied by Russia’s state-owned Rosatom. However, the leaked material allegedly includes plans for ventilation and cooling systems in Unit 3 and Unit 4, along with the full floor layout of a shared control room.

Reliance Infrastructure secured a contract in 2018 to build infrastructure for the two units, which are expected to add a combined 2,000 megawatts of generation capacity by 2027.

Other leaked files reportedly include vendor proposals, lists of approved suppliers and records of a joint inspection conducted in 2024. One document appears to show that Reliance Infrastructure and the Nuclear Power Corporation of India had secured insurance coverage of $112 million in the event of a terrorist attack on either unit.

Nickolas Roth, senior director at the Nuclear Threat Initiative, said the breach could present a serious risk to the plant’s security.

He said the records could potentially allow hostile actors to map support systems, identify contractors and determine which areas of the project could be accessed through different suppliers.

Yotta said it detected suspicious activity on May 29 on a server belonging to Reliance Infrastructure. The company said the activity was stopped immediately and an attempted ransomware execution was prevented.

Reliance later informed Yotta at the end of June that external threat actors had claimed to possess stolen data.

The Nuclear Power Corporation of India, which operates the facility, is in contact with Reliance over the incident, while the Indian Computer Emergency Response Team is investigating the breach.

World Leaks has previously targeted companies including Nike and India’s Tata Group. The ransomware group generally publishes stolen corporate data after its payment demands are rejected.

The incident is the second known cyberattack linked to the Kudankulam plant. In 2019, malware associated with a North Korean hacking group was detected on its administrative network. The Nuclear Power Corporation said at the time that the incident was investigated and did not affect plant systems.

India recorded 28.9 million compromised accounts last year, ranking third globally for data breaches after the United States and France, according to cybersecurity company Surfshark.

A separate report by the Data Security Council of India and cybersecurity firm Seqrite found that 73% of 204 surveyed organisations did not know whether they had previously been attacked, while 57% lacked basic cybersecurity practices.


Share:

Comments

Supports: **bold** *italic* [link](url) > quote @mention0/2000
Guest comments require moderation

No comments yet. Be the first to join the discussion!