Data Breach Exposes Files Related to India’s Kudankulam Nuclear Power Plant

Data Breach Exposes Files Related to India’s Kudankulam Nuclear Power Plant

A ransomware group known as World Leaks has published a large collection of files on the dark web that it claims are related to India’s Kudankulam Nuclear Power Plant, the country’s largest nuclear power facility. The leaked data reportedly includes blueprints of certain facility components, supplier information, meeting records, inspection documents, equipment reviews, and insurance policies. According to Reuters, the files were labeled as originating from Reliance Group, one of the contractors involved in the project. The Kudankulam Nuclear Power Plant, located in the southern Indian state of Tamil Nadu, plays an important role in India’s plans to expand its nuclear energy capacity under Prime Minister Narendra Modi’s broader energy strategy.

Reliance Group, led by businessman Anil Ambani, acknowledged that a partial data breach had occurred on a server hosted by third party data center provider Yotta. The company stated that the incident had been reported to the relevant government authorities but did not disclose the exact nature of the compromised information. Cybersecurity researcher Rakesh Krishnan, who first alerted Reuters about the leak, said nearly 19,000 files totaling approximately 14.3 gigabytes associated with the search term “KKNP” had been publicly available since June 11. Reuters reviewed documents dated between 2016 and mid 2025 but noted that it could not independently verify their authenticity. The leaked files appeared to include blueprints for ventilation and cooling systems, supplier proposals, approved vendor lists, equipment photographs, inspection records, meeting notes, and insurance documentation. These files represented what appeared to be the most sensitive portion of a larger collection of approximately 858,000 Reliance related files published by World Leaks. Reliance Infrastructure secured a contract in 2018 to design and build infrastructure for Units 3 and 4 of the Kudankulam project, both of which remain under construction and are expected to become operational by 2027 with a combined capacity of 2,000 megawatts. World Leaks has previously targeted major Indian organizations, including Tata Group, and has claimed responsibility for publishing stolen corporate data after ransom demands were not met.

The incident has prompted investigations by multiple organizations. According to a source familiar with the matter, Nuclear Power Corporation of India has been coordinating with Reliance while Indian Computer Emergency Response Team is investigating the reported breach. After Reuters published its report, Nuclear Power Corporation stated that the leaked information relates only to common service facilities and does not involve nuclear safety or nuclear security systems. India’s Department of Atomic Energy declined to comment, while CERT In and the Prime Minister’s Office did not immediately respond to media inquiries. Yotta stated that it detected suspicious activity on May 29 involving a server used by Reliance Infrastructure and immediately stopped the activity before any suspected ransomware execution could proceed. However, the company said Reliance Infrastructure later informed it that external threat actors were claiming responsibility for a data breach. Yotta added that it has not independently verified those claims but has shared its technical investigation findings with Reliance and continues to support the ongoing investigation.

Although the leaked documents do not appear to involve the nuclear reactors’ core systems supplied by Russia’s state owned Rosatom, cybersecurity experts warn that supporting infrastructure information can still pose security risks. The files reportedly include floor layouts for a common control room, ventilation and cooling system blueprints, vendor details, and records of inspections carried out by Nuclear Power Corporation and Reliance. One document also reportedly outlines an insurance policy valued at approximately 112 million dollars covering Units 3 and 4 against specific security related incidents. Experts believe such information could allow malicious actors to better understand the plant’s support systems, identify suppliers, and analyze potential weaknesses in the security chain. Nickolas Roth of Nuclear Threat Initiative stated that the information could reveal not only who has access to the project but also the systems connected to that access. The incident also highlights broader cybersecurity challenges in India. According to Surfshark, India recorded approximately 28.9 million compromised accounts last year, ranking third globally behind the United States and France. A separate report by Data Security Council of India and Seqrite found that 73 percent of surveyed organizations were unaware whether they had previously experienced cyberattacks, while 57 percent lacked essential cyber hygiene practices. The Kudankulam facility was previously linked to a cybersecurity incident in 2019 when malware associated with a North Korean hacking group was detected on its administrative network, although Nuclear Power Corporation stated at that time that plant operations and critical systems remained unaffected.

Source

Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.

Post Comment