A ransomware group has allegedly published thousands of files linked to the Kudankulam Nuclear Power Plant on the dark web, including purported blueprints of parts of the facility and supplier details, prompting concerns over a possible cyber breach.
According to media reports, the ransomware group World Leaks claimed the data was obtained from Reliance Infrastructure, a Reliance Group company that serves as one of the contractors for the nuclear power project.
The Nuclear Power Corporation of India Limited (NPCIL), which owns and operates the plant, said its core systems were not compromised and asserted that the leaked documents do not relate to the plant's nuclear safety or security.
"The information claimed to be available in the public domain pertains only to conventional Balance of Plant (BoP) common service facilities and does not relate to any nuclear safety or nuclear security-related systems or information," NPCIL said in a statement.
The 6,000-MW Koodankulam Nuclear Power Plant is being developed jointly by NPCIL and Russia's state-owned Rosatom. While Units 1 and 2 are operational, Units 3, 4, 5 and 6 are at various stages of construction and commissioning.
The NPCIL reiterated that Reliance Infrastructure's contract is limited to conventional, non-nuclear infrastructure. According to the state-owned company, the scope of the contract includes the engineering, procurement, construction and commissioning of common service facilities of a conventional nature—similar to those used in thermal power plants and other industrial facilities—and does not involve nuclear safety or security systems.
The NPCIL further clarified that it provided drawings and technical specifications to bidders as part of the public tendering process. Based on these inputs and project requirements, Reliance Infrastructure prepared detailed engineering drawings in consultation with the respective Original Equipment Manufacturers (OEMs). The designs submitted by Reliance Infrastructure, which met the prescribed technical specifications, were reviewed and subsequently approved by NPCIL.
The reported data breach comes at a time when the Narendra Modi government is pushing to significantly expand India's nuclear power capacity. The Centre launched a nuclear mission last year, adopting a dual-track strategy: increasing conventional nuclear capacity by building new reactors in fleet mode and developing small modular reactors (SMRs) with private sector participation. The government recently enacted the Sustainable Harnessing and Advancement of Nuclear Energy for Transforming India (SHANTI) Act, which allows private companies to own and operate nuclear power plants in the country.
The Reliance Group acknowledged that there had been a "partial breach" involving data hosted on servers operated by third-party data centre provider Yotta. According to the company, Yotta detected and terminated the suspicious activity immediately. It added that the incident was contained and that there was no ransomware execution, data loss or lateral movement within its systems.
A Reuters report cited independent cybersecurity researcher Rakesh Krishnan as saying that nearly 19,000 files, totalling about 14.3 GB, have been available online since June 11 under the search term "KKNP"—an acronym commonly used for the Koodankulam Nuclear Power Plant. The news agency reported that it had reviewed the files, which included meeting and inspection records, equipment reviews and insurance documents, but said it could not independently verify their authenticity.
Reliance Infrastructure had secured the contract to design and build infrastructure for Units 3 and 4 of the project in 2018. The two reactors, with a combined capacity of 2,000 MW, are expected to become operational next year.