From Our News Desk
Ransomware group World Leaks has dumped a massive cache of highly sensitive files related to India’s largest nuclear power plant on the dark web, including purported blueprints and critical supplier details labelled as stolen from Reliance Group.
The Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu — a cornerstone of India’s nuclear ambitions — now faces grave security concerns following the exposure. The leak threatens to hand adversaries a roadmap to the facility’s vulnerabilities.
Indian businessman Anil Ambani’s Reliance Group, a key contractor for the plant, confirmed a “partial breach” of its data on a server hosted by Yotta Data Services. The company stated that authorities have been informed, though it withheld specifics on the compromised information.
Reliance Infrastructure’s Central Role Under Scrutiny
Reliance Infrastructure secured a major 2018 contract to design and build infrastructure for KKNPP’s Units 3 and 4. These units, still under construction and targeted for 2027 commissioning, will add 2,000 megawatts of vital capacity to the plant.
Yotta reported detecting suspicious activity on May 29 and claimed to have halted a potential ransomware attack. However, Reliance later notified them of external claims regarding the data breach. Yotta has provided technical findings and is cooperating with the investigation.
Explosive Details in the Leaked Cache
Spanning 2016 to mid-2025, the roughly 19,000 most sensitive files include purported engineering blueprints for ventilation and cooling systems in the new units, detailed floor plans of a “common control room,” vendor proposals, approved supplier lists, joint inspection records with photos, and even an insurance policy covering up to $112 million for terrorism-related damage.
While core reactor technology from Russia’s Rosatom appears unaffected, experts fear the support system data could prove devastating. Nickolas Roth of the Nuclear Threat Initiative warned that the breach poses a “serious” risk, potentially allowing adversaries to map weaknesses and exploit supply chains. “They could show an adversary not just who has access to the project but which systems that access reaches,” he said.
Outlets that reviewed samples could not fully authenticate every document, but the volume and specificity have triggered alarm bells across India’s security apparatus.
Investigations Launched as Officials Stay Silent
NPCIL is liaising with Reliance while India’s CERT-In leads the probe. Senior officials, including NPCIL’s chairman and government spokespersons, have not commented publicly.
World Leaks — notorious for hitting targets like Nike and Tata Group — ignored requests for response. The group routinely leaks stolen data when ransom demands are refused.
Echoes of Past Nightmares: DTrack and DarkSeoul
This marks the second major cyber scare for KKNPP. In 2019, DTrack malware from the North Korean Lazarus Group infiltrated the plant’s administrative network. NPCIL contained it to non-critical systems.
DTrack, a powerful RAT and spyware, specializes in stealthy data theft and network reconnaissance. Lazarus-linked variants have struck Indian banks, research facilities, and the nuclear site (complete with hardcoded credentials). The tool remains active through ongoing updates by the group’s subgroups.
DarkSeoul (2013) was a destructive wiper assault by the same actors that paralyzed South Korean banks and media outlets, wiping drives and disrupting ATMs nationwide. Code overlaps with DTrack underscore Lazarus’s long history of evolving tactics — from regional chaos to sophisticated global espionage and financial crimes, including Sony Pictures and WannaCry.
Lazarus (APT38), tied to North Korea since at least 2009, thrives on code reuse, phishing, and targeting strategic assets.
With India ranking among the world’s top data breach hotspots and many entities lagging in basic cyber defenses, this leak exposes dangerous gaps in contractor and third-party security for national assets. As probes intensify, the potential for adversaries to weaponize these blueprints raises urgent questions about the safety of India’s nuclear expansion.