Skip to content
Search AI Powered

Latest Stories

Submit Guest Post

Ransomware gang posts 19,000 files allegedly linked to India's largest nuclear plant in Tamil Nadu

A Reuters investigation found that ransomware group World Leaks posted thousands of files allegedly tied to India's Kudankulam Nuclear Power Plant, raising concerns about cybersecurity, critical infrastructure protection, and potential risks to one of the country's largest energy projects.

Kudankulam Nuclear Power Plant

The leaked material includes about 19,000 files selected from a larger collection of approximately 858,000 files allegedly stolen from Reliance. Reuters reviewed the documents, which were dated between 2016 and mid-2025, but could not independently verify their authenticity.

A ransomware group has published what it claims are thousands of sensitive files linked to India's largest nuclear power plant, prompting a government investigation and raising fresh concerns about the cybersecurity of critical infrastructure as reported by Reuters in an exclusive report.

Reuters reported that the ransomware group World Leaks uploaded a cache of documents on the dark web that it labeled as originating from India's Reliance Group, a contractor involved in the expansion of the Kudankulam Nuclear Power Plant in the southern state of Tamil Nadu.


The Kudankulam facility is India's largest nuclear power station and plays a central role in Prime Minister Narendra Modi's plans to significantly expand the country's nuclear energy capacity.

According to Reuters, the leaked material includes about 19,000 files selected from a larger collection of approximately 858,000 files allegedly stolen from Reliance. Reuters reviewed the documents, which were dated between 2016 and mid-2025, but could not independently verify their authenticity.

The documents reportedly include blueprints for ventilation and cooling systems, layouts of a common control room, supplier lists, inspection records, equipment reviews, meeting documents, and insurance policies related to the plant's expansion.

Reliance Group acknowledged the cybersecurity incident in a statement to Reuters, saying there had been a "partial breach" involving data stored on a server hosted by Indian data center provider Yotta. The company said Indian government authorities had been informed but did not specify what information may have been compromised.

Yotta said it detected suspicious activity on May 29 involving a Reliance Infrastructure server hosted at its facilities. According to the company, the activity was immediately halted and suspected ransomware execution was prevented. However, Yotta said Reliance later informed it that external threat actors had claimed to possess stolen data. The company added it has not independently verified those claims and has shared its technical findings with investigators.

Reuters also reported that India's Nuclear Power Corporation, which operates the country's nuclear plants, has been coordinating with Reliance following the incident. India's Computer Emergency Response Team (CERT-In) is investigating, according to a source familiar with the matter. The Nuclear Power Corporation, CERT-In, India's Department of Atomic Energy, and Prime Minister Modi's office did not publicly comment.

Cybersecurity experts say the leak could have significant security implications even if it does not involve the reactors' core systems, which are supplied by Russia's state-owned Rosatom.

Nickolas Roth, senior director at the Nuclear Threat Initiative, told Reuters the breach could pose a "serious" risk to plant safety.

The leaked files could "show an adversary not just who has access to the project but which systems that access reaches," said Roth.

One document reportedly outlines an insurance policy worth $112 million covering potential terrorism-related damage to Units 3 and 4, while other files appear to identify approved suppliers and contain photographs from joint inspections conducted in 2024.

World Leaks has previously claimed responsibility for attacks targeting major companies including Nike and India's Tata Group. Reuters reported that the group typically publishes stolen corporate data after victims refuse to pay ransom demands.

The incident also highlights broader cybersecurity challenges in India. According to cybersecurity company Surfshark, India ranked third globally last year for compromised accounts, with 28.9 million affected. A separate industry report found many Indian organizations remain unprepared for cyberattacks, with 73% uncertain whether they had previously been breached and 57% lacking basic cyber hygiene practices.

The Kudankulam plant was previously linked to a cyber incident in 2019, when malware associated with a North Korean hacking group was discovered on its administrative network. Officials at the time said operational systems were not affected.