A ransomware group has published thousands of files allegedly linked to India’s largest nuclear power plant, Kudankulam, raising concerns about cybersecurity and the protection of critical infrastructure. The documents, reportedly stolen from contractor Reliance Group, include what appear to be engineering blueprints, supplier information, inspection records, and insurance documents. While Indian authorities are investigating the incident, experts warn that even if reactor systems were not compromised, the leaked information could still pose significant security risks.
Ransomware Group Publishes Sensitive Files
Cybercriminal group World Leaks posted what it claims are more than 19,000 sensitive files related to the Kudankulam Nuclear Power Plant on the dark web.
The files form part of a much larger cache of approximately 858,000 documents allegedly stolen from Reliance Group, one of the contractors involved in the project.
Reuters reviewed portions of the documents but said it could not independently verify their authenticity.
Stay ahead of the geopolitical week.
MD Briefing delivers expert analysis across five global fronts — the Indo-Pacific, energy, geoeconomics, European security, and the Middle East — every Monday morning. Free.
Reliance Confirms Partial Data Breach
Reliance Group acknowledged that a partial data breach had occurred on a server hosted by Indian data center provider Yotta.
The company said the Indian government had been informed but did not specify which files may have been compromised.
Yotta stated that it detected suspicious activity on one of Reliance Infrastructure’s servers on May 29, saying the attempted ransomware execution was stopped immediately.
However, the company later learned that external threat actors claimed to possess stolen data and said it is supporting an ongoing investigation.
What the Leaked Files Contain
According to Reuters, the leaked documents reportedly include:
- Engineering blueprints for ventilation and cooling systems.
- Floor layouts of a common control room.
- Equipment inspection reports.
- Supplier lists and vendor proposals.
- Meeting records and project documentation.
- Insurance policies related to the construction project.
The files primarily relate to Units 3 and 4 of the Kudankulam Nuclear Power Plant, which are currently under construction and are expected to become operational by 2027.
Importantly, the documents do not appear to include designs for the nuclear reactors themselves, which are supplied by Russia’s state owned Rosatom.
Experts Warn of Security Risks
Although no evidence suggests that operational reactor systems were compromised, cybersecurity and nuclear security experts say the leaked information could still be valuable to hostile actors.
Nickolas Roth of the Nuclear Threat Initiative warned that detailed infrastructure documents could help adversaries identify support systems, contractors, supply chains, and potential security weaknesses surrounding the facility.
Rather than targeting reactor controls directly, attackers could potentially exploit vulnerabilities within associated infrastructure or third party suppliers.
Investigation Underway
India’s Computer Emergency Response Team (CERT In) is investigating the breach alongside the Nuclear Power Corporation of India, according to a source familiar with the matter.
Neither the Department of Atomic Energy nor the Prime Minister’s Office publicly commented on the investigation.
World Leaks, which has previously targeted major companies including Tata Group and Nike, did not respond to requests for comment.
The ransomware group is known for publishing stolen corporate data after victims refuse to pay ransom demands.
India’s Growing Cybersecurity Challenge
The incident comes amid growing concerns over cybersecurity across India’s critical infrastructure.
According to cybersecurity company Surfshark, India recorded 28.9 million compromised accounts last year, making it one of the countries most affected by data breaches globally.
A recent industry survey also found that many Indian organizations remain poorly prepared for cyberattacks, with a majority lacking comprehensive cybersecurity practices.
This is also not the first cyber related incident involving the Kudankulam nuclear facility. In 2019, malware linked to a North Korean hacking group was detected on the plant’s administrative network, although officials said operational systems were not affected.
Why This Matters
Critical infrastructure is becoming an increasingly attractive target for cybercriminals and state linked actors. Even when reactor control systems remain isolated and secure, leaks involving engineering plans, contractor information, and facility layouts can provide valuable intelligence for future cyber or physical attacks. The incident also highlights the growing importance of protecting third party contractors that often manage sensitive infrastructure data.
Analysis
The Kudankulam breach demonstrates that modern cyber threats increasingly target the broader supply chain rather than the most heavily protected systems themselves. Nuclear facilities typically maintain strict separation between operational control systems and external networks, making direct cyberattacks difficult. However, contractors, engineering firms, and cloud service providers often possess sensitive project information that may be less securely protected.
For India, the incident comes at a critical time as the country rapidly expands its nuclear energy program to meet rising electricity demand and support long term climate goals. As more strategic infrastructure projects rely on digital collaboration among multiple contractors, cybersecurity across the entire supply chain becomes as important as securing the facilities themselves.
The case also reflects a broader global trend. Ransomware groups are increasingly targeting infrastructure operators not only for financial gain but also because stolen engineering and operational documents can carry significant strategic value. Whether or not the leaked files ultimately prove authentic, the incident reinforces the need for stronger cybersecurity standards, regular audits, and closer coordination between governments and private contractors responsible for critical national infrastructure.
With information from Reuters.

