Kudankulam Nuclear Plant Cyberattack: 19,000 Sensitive Documents Leaked on Dark Web

Chennai/New Delhi: A major cybersecurity breach has raised fresh concerns over the security of India’s critical infrastructure after a ransomware group allegedly leaked nearly 19,000 sensitive documents related to the Kudankulam Nuclear Power Plant (KKNPP) on the dark web. Although officials maintain that the plant’s operational reactor systems remain secure, cybersecurity experts have described the incident as a serious breach that underscores the growing cyber threats facing strategic national assets.

Sensitive Project Files Surface Online

The leaked archive reportedly contains approximately 14.3 GB of data, including engineering drawings, infrastructure layouts, supplier information, inspection reports, meeting records and insurance documents linked to Units 3 and 4 of the Kudankulam Nuclear Power Project, which are currently under construction in Tamil Nadu.

The documents are believed to have been uploaded by the ransomware group World Leaks, which claimed to have obtained the data from systems associated with one of the project’s contractors. The files reportedly appeared on the dark web in June and were later identified by independent cybersecurity researchers.

Reliance Infrastructure Confirms Partial Data Breach

Reliance Infrastructure, a contractor involved in the Kudankulam expansion project, acknowledged that there had been a partial breach involving data stored on servers hosted by third-party data centre operator Yotta. The company said it had informed the government about the incident but did not disclose the exact nature of the compromised data.

Yotta stated that it detected suspicious activity on one of the Reliance-hosted servers in late May and immediately halted the attempted ransomware execution. The company added that while threat actors later claimed to possess stolen data, investigations are continuing to verify the extent of the breach.

Reactor Control Systems Unaffected

Authorities and cybersecurity experts have stressed that there is no evidence to suggest that the cyberattack affected the nuclear plant’s reactor control systems or operational technology networks.

The leaked material appears to relate primarily to engineering, construction and administrative infrastructure connected with Units 3 and 4 rather than the nuclear reactors themselves. The reactor systems at Kudankulam are supplied separately by Russia’s state-owned nuclear corporation, Rosatom.

What the Leaked Files Allegedly Contain

According to reports, the leaked documents include:

  • Engineering blueprints of ventilation and cooling systems.
  • Layouts of common control rooms.
  • Vendor proposals and approved supplier lists.
  • Equipment inspection and quality review reports.
  • Internal meeting records.
  • Construction-related project documents.
  • Insurance policies covering Units 3 and 4.

Cybersecurity specialists warn that although these documents do not directly compromise reactor operations, they could potentially help hostile actors understand the plant’s infrastructure, supply chain and support systems.

CERT-In and NPCIL Investigating

The Indian Computer Emergency Response Team (CERT-In) and the Nuclear Power Corporation of India Limited (NPCIL) are investigating the breach to determine how the data was accessed and whether any classified information has been exposed.

Officials are also examining whether the leaked documents pose any national security risks and whether additional cybersecurity measures are required to strengthen protection of India’s critical infrastructure.

Experts Raise National Security Concerns

Cybersecurity experts have cautioned that the exposure of engineering drawings and infrastructure details could be valuable to malicious actors. While the plant’s operational systems remain isolated, information related to contractors, vendors and support facilities could potentially be exploited in future cyber or physical attacks.

The incident also highlights the growing vulnerability of supply chains, where contractors and third-party service providers are increasingly becoming targets for ransomware groups.

Second Cybersecurity Incident Linked to Kudankulam

This is the second major cybersecurity scare associated with the Kudankulam Nuclear Power Plant.

In 2019, malware linked to the North Korea-associated Lazarus Group was detected on the plant’s internet-connected administrative network. At that time, NPCIL clarified that the malware did not reach the plant’s isolated operational systems and that electricity generation remained unaffected.

The latest incident once again highlights the need for stronger cybersecurity safeguards across India’s expanding nuclear energy sector.

A Wake-Up Call for Critical Infrastructure

As India accelerates its nuclear power expansion to meet rising energy demand and clean energy goals, cybersecurity experts say protecting digital infrastructure is becoming just as important as safeguarding physical facilities.

The Kudankulam data breach serves as a reminder that cyberattacks targeting contractors and supply chains can expose sensitive project information even when core operational systems remain secure. Strengthening cybersecurity protocols, regular audits and supply chain security will be crucial to protecting the country’s strategic infrastructure against evolving digital threats.

Latest News