Key facts
- Approximately 19,000 sensitive files related to the Kudankulam Nuclear Power Plant (KKNPP) were exposed on the dark web.
- The breach occurred on a server managed by third-party provider Yotta, impacting Reliance Infrastructure.
- The cybercriminal group World Leaks published the data after ransom demands were ignored.
- Core nuclear reactor systems are believed to be unaffected, as they are engineered by Russia's Rosatom.
- Security researchers warn that the exposed data could be used to target the plant's supply chain.
- This is the second cyber incident linked to the KKNPP, following a 2019 malware infection.
A significant data breach has exposed approximately 19,000 sensitive files pertaining to India's Kudankulam Nuclear Power Plant (KKNPP), with the data appearing on the dark web. The compromised documents primarily relate to Units 3 and 4 of the plant, which are currently under construction and expected to be operational by 2027. The incident originated on a server managed by Yotta, a data center provider, and involved a server belonging to Reliance Infrastructure, a subsidiary of the Reliance Group. The cybercriminal group World Leaks published the cache after their ransom demands were reportedly ignored.
The Nuclear Power Corporation of India (NPCIL) and India's central cybersecurity agency, CERT-In, have launched an investigation. They have indicated that the exposed documents do not appear to affect the plant's core nuclear reactor systems, which were engineered separately by Russia's state-owned Rosatom. However, security researchers from the Nuclear Threat Initiative (NTI) have raised concerns that malicious actors could leverage this information to identify vulnerabilities in the plant's support systems and supply chain.
This marks the second cyber incident associated with the Kudankulam plant; a malware infection occurred on its administrative network in 2019, though operational controls remained isolated. The breach also represents the second attack by World Leaks on an Indian company, following a recent incident involving Tata Electronics, a supplier for Apple and Tesla. In that case, World Leaks published over 630 GB of data, including details on the iPhone 18 Pro supply chain and proprietary Tesla files, reportedly after an ignored ransom demand.
