Authorities investigate after ransomware group claims to publish sensitive contractor data on the dark web
BENGALURU: A ransomware group known as World Leaks has published thousands of files on the dark web that it claims are linked to India’s Kudankulam Nuclear Power Plant, prompting an official investigation into an alleged cyber breach involving contractor Reliance Group.
The Kudankulam facility in Tamil Nadu is India’s largest nuclear power plant and forms a key part of the government’s strategy to expand nuclear energy capacity. The leaked files reportedly include engineering blueprints, supplier information, inspection records, equipment reviews and insurance documents connected to Units 3 and 4, which remain under construction.
Reuters reviewed the documents but said it could not independently verify their authenticity.
Reliance confirms partial data breach
Reliance Group acknowledged that a partial breach had affected data stored on a server hosted by third-party data centre provider Yotta. The company said it had informed the Indian government but did not specify what information may have been compromised.
Yotta stated that it detected suspicious activity on a Reliance Infrastructure server on May 29 and immediately halted the suspected ransomware attempt. However, it later learned of claims by external threat actors that data had been stolen. The company said it has shared its technical findings with Reliance and continues to support the ongoing investigation.
India’s Computer Emergency Response Team (CERT-In) and the Nuclear Power Corporation of India are also examining the incident.
Security experts raise concerns
Cybersecurity experts warned that if authentic, the leaked documents could expose details about support infrastructure, contractors and operational systems, potentially increasing security risks. However, reports indicate the files do not involve the reactors’ core systems, which are supplied by Russia’s state-owned Rosatom.
The incident also highlights growing cybersecurity challenges in India. Industry reports estimate that nearly 29 million online accounts were compromised in the country last year, while many organisations remain inadequately prepared to detect or respond to cyberattacks.
This is the second known cybersecurity incident associated with the Kudankulam project. In 2019, authorities confirmed malware linked to a North Korean hacking group had infected the plant’s administrative network, although officials said operational systems were not affected.
Investigations into the latest alleged breach remain ongoing.
