Loading weather…

Thousands of files linked to India’s largest nuclear plant surface on dark web

⏱ 4 minute read
nuclear power facility

Web Desk: A ransomware group has published thousands of files it claims are linked to India’s largest nuclear power facility, raising fresh concerns about the cybersecurity of the country’s critical infrastructure as authorities investigate the reported breach.

World Leaks, a ransomware group known for targeting major global corporations, uploaded what it described as documents obtained from India’s Reliance Group, a contractor involved in the expansion of the Kudankulam Nuclear Power Plant in the southern state of Tamil Nadu.

Reuters reviewed the files, which span from 2016 to mid-2025, but could not independently verify their authenticity.

The leaked archive contains approximately 19,000 files that appear to be among the most sensitive documents in a broader collection of roughly 858,000 files attributed to Reliance on the group’s dark web portal.

The documents purportedly include engineering drawings, supplier information, inspection reports, meeting records, equipment assessments and insurance documents related to the nuclear project.

Reliance Group acknowledged that one of its servers experienced what it described as a “partial breach.” In a statement to Reuters, the company said the affected server was hosted by third-party data center operator Yotta and that it had informed the Indian government about the incident.

However, the conglomerate did not disclose what information may have been compromised.

Cybersecurity specialists said any unauthorized disclosure of information related to nuclear infrastructure could present significant security concerns.

Nickolas Roth, senior director at the Nuclear Threat Initiative, said the reported breach could pose a serious risk to the safety of the Kudankulam facility if sensitive technical information was exposed.

The plant is India’s largest nuclear power station and plays a key role in Prime Minister Narendra Modi’s strategy to expand the country’s nuclear energy generation.

Reliance Infrastructure, a subsidiary of Reliance Group, secured a contract in 2018 to design and construct infrastructure for Units 3 and 4 of the facility. The reactors, which remain under construction, are expected to begin operations by 2027 and add a combined 2,000 megawatts of generating capacity.

According to a source familiar with the matter, the Nuclear Power Corporation of India Ltd. (NPCIL) has been coordinating with Reliance following the reported breach, while the Indian Computer Emergency Response Team (CERT-In) has launched an investigation.

The source requested anonymity because of the sensitivity of the issue.

NPCIL Chairman Rajesh Veeraraghavan, CERT-In and India’s Press Information Bureau did not respond to requests for comment. The Department of Atomic Energy declined to comment, and Prime Minister Narendra Modi’s office also did not respond to Reuters’ inquiries.

Yotta said it detected suspicious activity on a server belonging to Reliance Infrastructure on May 29.

The company said it immediately blocked the activity and prevented what appeared to be a ransomware execution. Nevertheless, Reliance Infrastructure informed Yotta toward the end of June that external threat actors had claimed responsibility for a data breach.

Yotta said it has not independently verified those claims but has completed a technical investigation, shared its findings with Reliance Infrastructure and is cooperating with the ongoing inquiry.

World Leaks did not respond to Reuters’ requests for comment regarding the alleged Reliance breach.

The ransomware group typically publishes stolen corporate information on its dark web platform after organizations refuse to meet ransom demands.

In June, the group told Reuters it had demanded $1.5 million from Tata Group after allegedly stealing confidential files that included component designs linked to Apple and Tesla. It later claimed to have released the data after the company declined to pay.

The incident comes amid growing concerns over cybersecurity in India.

According to cybersecurity company Surfshark, India recorded 28.9 million compromised online accounts last year, ranking third globally behind only the United States and France.

Separately, a joint report by the Data Security Council of India and cybersecurity firm Seqrite found that 73% of 204 surveyed organizations did not know whether they had previously suffered a cyberattack, while 57% lacked adequate cybersecurity hygiene measures.

The Kudankulam facility has also faced cyber-related concerns before. In 2019, malware associated with a North Korean hacking group was discovered on the plant’s administrative network. At the time, NPCIL said operational systems remained unaffected after an immediate investigation.

Read more: Karachi innovator Jayant Kumar claims top prize at Harvard business competition

Posts List

Wasim Abbas admits he fell in love several times

Legendary Pakistani actor Wasim Abbas has revealed that he fell in love several times during…

July 15, 2026

ICC releases latest rankings as Green Shirts retain key positions

ICC has released its latest player rankings, with New Zealand's Daryl Mitchell retaining the top…

July 15, 2026

ICC approves major format changes for Men’s Cricket WC and T20 WC

The International Cricket Council (ICC) has approved major changes to the formats of the Men's…

July 15, 2026

Thousands of files linked to India’s largest nuclear plant surface on dark web

A ransomware group has published thousands of files it claims are linked to India's largest…

July 15, 2026
Scroll to Top