World Leaks posts ~858,000 files tied to India's Kudankulam nuclear-plant contractor; Reliance confirms a third-party-hosting breach
The data-theft-extortion group World Leaks — the rebrand of Hunters International already tracked in this store — posted roughly 858,000 files on its dark-web leak site attributed to Reliance Group, a contractor involved in India's Kudankulam Nuclear Power Plant (KNPP), the country's largest nuclear facility (The Week / Reuters, 2026-07-15). Reuters reviewed a subset of about 19,000 files dated 2016–2025 that purport to show facility blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies; the files are only claimed to originate from the plant and their authenticity is not established. Reliance Group confirmed to Reuters that a "partial breach" of its data occurred from a server hosted by Yotta, a third-party Indian data-centre provider, and that the government has been informed; India's CERT-In is investigating and a Nuclear Threat Initiative expert warned the exposure could pose a serious plant-safety risk.
They admitted to Reuters that a "partial breach" of its data had taken place from a server hosted by Yotta, a third-party Indian data centre service provider, and that the government has been informed about the incident.
19,000 of these files appeared to be highly sensitive, the report added, noting that the documents were dated between 2016 and 2025, and reportedly featured blueprints, supplier details, meeting and inspection records, equipment reviews and insurance policies.
ATT&CK mapping
2 techniques mapped from the cited reporting · MITRE ATT&CK v19.1
Initial Access TA0001
T1199Trusted Relationship
Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.
Collection TA0009
T1530Data from Cloud Storage
Adversaries may access data from cloud storage.
AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.