World Leaks (Hunters International rebrand) posted ~858,000 files on its leak site attributed to Reliance Group, a contractor to India's Kudankulam Nuclear Power Plant; Reliance confirmed a partial breach from a server hosted by third-party Indian data-centre provider Yotta, and Reuters reviewed ~19,000 sensitive files (blueprints, supplier/inspection records) whose authenticity is not established in the cited reporting (Reuters via The Week, 2026-07-15).
Aliases: Kudankulam nuclear files leak, Reliance Group Yotta breach
2 techniques observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)
Initial Access TA0001
T1199Trusted Relationship×1
Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.
active-threatsWorld Leaks leaks ~858k files from a Kudankulam nuclear-plant contractor breached at a third-party data-centre host — a lesson for energy-CI operators
The data-theft-extortion group World Leaks — the rebrand of Hunters International already tracked in this store — posted roughly 858,000 files on its dark-web leak site attributed to Reliance Group, a contractor involved in India's Kudankulam Nuclear Power Plant (KNPP), the country's largest nuclear facility (The Week / Reuters, 2026-07-15). Reuters reviewed a subset of about 19,000 files dated 2016–2025 that purport to show facility blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies; the files are only claimed to originate from the plant and their authenticity is not established. Reliance Group confirmed to Reuters that a "partial breach" of its data occurred from a server hosted by Yotta, a third-party Indian data-centre provider, and that the government has been informed; India's CERT-In is investigating and a Nuclear Threat Initiative expert warned the exposure could pose a serious plant-safety risk.
They admitted to Reuters that a "partial breach" of its data had taken place from a server hosted by Yotta, a third-party Indian data centre service provider, and that the government has been informed about the incident.
19,000 of these files appeared to be highly sensitive, the report added, noting that the documents were dated between 2016 and 2025, and reportedly featured blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies.