ctipilot.ch

Kudankulam nuclear-plant contractor (Reliance Group) third-party-hosting data breach (July 2026)

incident · incident:kudankulam-reliance-worldleaks-2026-07 single-source

World Leaks (Hunters International rebrand) posted ~858,000 files on its leak site attributed to Reliance Group, a contractor to India's Kudankulam Nuclear Power Plant; Reliance confirmed a partial breach from a server hosted by third-party Indian data-centre provider Yotta, and Reuters reviewed ~19,000 sensitive files (blueprints, supplier/inspection records) whose authenticity is not established in the cited reporting (Reuters via The Week, 2026-07-15).

Aliases: Kudankulam nuclear files leak, Reliance Group Yotta breach

Coverage timeline
1
first 2026-07-16 → last 2026-07-16
Peak priority
notable
1 notable
Sources cited
1
1 hosts
Sections touched
1
active-threats
Co-occurring entities
1
see Related entities below
ATT&CK techniques
2
pinned v19.1 · see below

Hunting pivots

ATT&CK techniques

ATT&CK techniques

2 techniques observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)

Initial Access TA0001

T1199Trusted Relationship×1

Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.

Evidence: 2026-07-16/worldleaks-kudankulam-reliance-third-party-hosting-breach · ATT&CK page ↗

Collection TA0009

T1530Data from Cloud Storage×1

Adversaries may access data from cloud storage.

Evidence: 2026-07-16/worldleaks-kudankulam-reliance-third-party-hosting-breach · ATT&CK page ↗

Story timeline

  1. 2026-07-16World Leaks posts ~858,000 files tied to India's Kudankulam nuclear-plant contractor; Reliance confirms a third-party-hosting breach
    active-threatsWorld Leaks leaks ~858k files from a Kudankulam nuclear-plant contractor breached at a third-party data-centre host — a lesson for energy-CI operators

Relationships explore in graph

Typed, source-stated connections from the entity registry — each edge cites the entry whose reporting establishes it.

attributed to

Where this entity is cited

  • active-threats1

Source distribution

  • theweek.in1 (100%)

Co-occurring entities

Derived — referenced by the same focused operational entries (weekly summaries and report roundups don't count); ×N counts the shared entries.

Entries about Kudankulam nuclear-plant contractor (Reliance Group) third-party-hosting data breach (July 2026) (1)

2026-07-16 · view entry permalink →

NOTABLENATOB2

World Leaks posts ~858,000 files tied to India's Kudankulam nuclear-plant contractor; Reliance confirms a third-party-hosting breach

The data-theft-extortion group World Leaks — the rebrand of Hunters International already tracked in this store — posted roughly 858,000 files on its dark-web leak site attributed to Reliance Group, a contractor involved in India's Kudankulam Nuclear Power Plant (KNPP), the country's largest nuclear facility (The Week / Reuters, 2026-07-15). Reuters reviewed a subset of about 19,000 files dated 2016–2025 that purport to show facility blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies; the files are only claimed to originate from the plant and their authenticity is not established. Reliance Group confirmed to Reuters that a "partial breach" of its data occurred from a server hosted by Yotta, a third-party Indian data-centre provider, and that the government has been informed; India's CERT-In is investigating and a Nuclear Threat Initiative expert warned the exposure could pose a serious plant-safety risk.

They admitted to Reuters that a "partial breach" of its data had taken place from a server hosted by Yotta, a third-party Indian data centre service provider, and that the government has been informed about the incident.

19,000 of these files appeared to be highly sensitive, the report added, noting that the documents were dated between 2016 and 2025, and reportedly featured blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies.

The Week (India), relaying Reuters 2026-07-15
incident16 Jul 04:42Zsingle-sourceOpen finding ↗