Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India’s Largest Plant on Dark Web
A significant cybersecurity breach has emerged involving the Kudankulam Nuclear Power Plant, India’s largest nuclear facility. The ransomware group World Leaks has released a substantial cache of files on the dark web, reportedly containing sensitive information such as blueprints of the plant and supplier details, which they claim originate from Reliance Group.
Context of the Breach
Located in Tamil Nadu, the Kudankulam Nuclear Power Plant plays a crucial role in India’s energy strategy, particularly under Prime Minister Narendra Modi’s vision for expanding the nation’s nuclear energy capacity. The facility is pivotal among India’s seven nuclear plants and is currently undergoing expansions with Units 3 and 4, expected to be operational by 2027.
Reliance Group, led by businessman Anil Ambani, is one of the contractors involved in the construction and operation of the plant. Following the breach, Reliance confirmed to Reuters that there had been a “partial breach” of data on a server managed by Yotta, a third-party data center service provider. The company has reported the incident to the government, although it has not disclosed the specific data compromised.
Potential Risks and Implications
The data breach raises serious concerns regarding the safety and security of the nuclear facility. Nickolas Roth, a senior director at the Nuclear Threat Initiative, emphasized that the breach could pose a “serious” risk. He noted that such incidents highlight the increasing frequency of cyberattacks in India, where many organizations are ill-prepared to handle these threats.
Independent cybersecurity researcher Rakesh Krishnan reported that nearly 19,000 files, totaling 14.3 gigabytes, related to the nuclear plant have been accessible online since June 11. The documents, dated from 2016 to mid-2025, include blueprints, supplier information, meeting records, inspection logs, and insurance policies, although their authenticity has not been verified.
Previous Breaches and Cybersecurity Landscape
World Leaks is known for its history of targeting major corporations, including Nike and Tata Group. The group typically releases stolen data on its website when companies refuse to meet ransom demands. In a recent case involving Tata Group, World Leaks sought $1.5 million for files containing confidential designs for clients like Apple and Tesla, releasing the data after the company did not comply.
The Nuclear Power Corporation of India is currently in communication with Reliance regarding the breach, and the Indian Computer Emergency Response Team (CERT-In) is investigating the incident. Yotta reported that it detected suspicious activity on May 29, which was promptly addressed, but Reliance informed them of the breach claims by external actors at the end of June.
Content of the Leaked Files
The leaked documents reportedly do not pertain to the core systems of the nuclear reactors, which are supplied by Russia’s state-owned Rosatom. However, they do contain blueprints for the ventilation and cooling systems of Units 3 and 4, as well as detailed layouts of a “common control room.” Other documents include vendor proposals, a list of approved suppliers, and records of inspections, which could potentially expose vulnerabilities in the plant’s security infrastructure.
One notable document suggests that Reliance Infrastructure and the Nuclear Power Corporation have taken out an insurance policy that would provide $112 million in coverage in the event of a terrorist attack on either unit.
Broader Cybersecurity Concerns in India
The implications of this breach extend beyond the immediate risks to the Kudankulam facility. India ranks third globally in terms of data breaches, with 28.9 million accounts compromised last year, trailing only the United States and France. A report by the Data Security Council of India and cybersecurity firm Seqrite indicated that 73% of surveyed organizations were unaware of whether they had ever been attacked, while 57% lacked adequate cyber hygiene practices.
This incident marks the second time the Kudankulam plant has been associated with a cyber event, following the discovery of malware linked to a North Korean hacker group in 2019. At that time, the Nuclear Power Corporation stated that the situation was investigated immediately and that the plant’s operational systems remained unaffected.
As cyber threats continue to evolve, the need for robust cybersecurity measures in critical infrastructure sectors like nuclear energy becomes increasingly urgent. The ongoing investigation into this breach will likely shed light on the vulnerabilities within India’s nuclear sector and the broader implications for national security.
Source: www.jpost.com
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.


