For more than a month, a large cache of files purportedly linked to the Kudankulam Nuclear Power Plant have been available on the dark web. The data, leaked by ransomware group World Leaks, is purportedly linked to Anil Ambani-led Reliance Group, whose subsidiary, Reliance Infrastructure Ltd, was awarded the Engineering, Procurement and Construction (EPC) contract in 2018 for the plant’s non-nuclear common service facilities, known as the Balance of Plant (BoP).The leaked data, accessed by The Indian Express, includes a 14.3 GB dataset comprising 18,997 files related to the Kudankulam Nuclear Power Plant. These files are part of a much larger cache of 1.2 terabytes containing over 858,000 files purportedly linked to the Anil Ambani-led Reliance Group.A search in the leaked dataset using the term “KKNP” — an acronym for the Kudankulam Nuclear Power Plant — retrieves numerous internal documents, including inspection records, engineering design files for various plant facilities, minutes of meetings, and correspondence between Reliance Infrastructure and the Nuclear Power Corporation of India Ltd (NPCIL) on project execution and construction-related matters.While The Indian Express could not independently verify the authenticity of these documents, a spokesperson of Anil Ambani-led Reliance Group told this newspaper that there had been a “partial breach” of its data on a server hosted by third-party data centre service provider Yotta, and the government had been informed about the incident.In a statement to Reuters, Yotta also maintained that it had noted suspicious activity on May 29 on a server it hosts that belongs to Reliance Infrastructure. It said the activity was immediately terminated and the suspected ransomware execution was prevented.Following reports of data breach, state-owned Nuclear Power Corporation of India Limited (NPCIL), the plant’s operator, also clarified that the leaked information does not pertain to any nuclear safety or security systems and the compromised data relates only to the plant’s conventional Balance of Plant (BoP) common service facilities, for which Reliance Infrastructure Ltd was awarded a contract in 2018.Located in Tirunelveli district of Tamil Nadu, Kudankulam Nuclear Power Plant consists of six units of Pressurised Water Reactors of VVER design, which were established in technical collaboration with Russia. The first two units (KKNPP Units-1 & 2) are already in operation, while Units 3 and 4 are still under construction and are due to be operational by 2027. The remaining two units are at different stages of progress.From layouts to official correspondenceStory continues below this adThe leaked dataset is largely related to Units 3 and 4 of the Kudankulam Nuclear Power Plant and contains documents associated with the EPC contract executed by Reliance Infrastructure Ltd.From tender documents and invoices to engineering drawings and design files for various structures, the folders appear to be organised according to different aspects of the project.The dataset contained folders titled “NPCIL KKNPP Tender Documents,” “KKNP Financials & Invoice Backup,” “KKNP Reactor Building Tender,” “KKNPP Project Status Working Sheet,” “Site Images,” and “KKNP – Compliance Documents.” The folder names suggest the cache includes tender records, financial documents, project status reports, technical and engineering documents, compliance records, quality-related documentation and other project-related material.Some of the documents reviewed by The Indian Express include site layout drawings, correspondence between Reliance Infrastructure Ltd and the NPCIL on project execution, monthly progress reports and records relating to payments made to various vendors, among other project documents. Several files also bear official stamps and signatures. However, the presence of such markings alone does not establish that every document is authentic or that the entire dataset originated from the claimed source.Past data breach: North Korea-linked malware detectedStory continues below this adHowever, this is not the first time that the Kudankulam plant has been linked to a cyber incident. In 2019, a malware attack tied to a North Korean hacker group found on the plant’s administrative network. The cyberattack was carried out using a malware strain known as DTrack.At the time, the National Cyber Coordination Centre (NCCC) received intelligence from a US-based cybersecurity firm indicating that a “threat actor” had compromised the master “domain controllers” of the Kudankulam plant and the Indian Space Research Organisation (ISRO).NPCIL later acknowledged the incident, confirming that malware had been detected on a computer connected to the plant’s administrative network after being alerted by CERT-In in September 2019. It said the infected system was isolated from the plant’s critical internal network, which remained unaffected and was under continuous monitoring.Studies had found that the malware attack on the Kudankulam Nuclear Power Plant (KNPP) was primarily motivated by data theft, technology espionage, and reconnaissance.