Reliance Infrastructure has suffered a ransomware attack that resulted in the leak of roughly 1.2TB of internal files, including sensitive documentation tied to the Kudankulam Nuclear Power Plant. The incident, reported by NewsBytes on July 18, 2026, places one of India's largest infrastructure conglomerates at the center of a data-exposure event with direct implications for critical national energy infrastructure.
What Happened
According to reporting from NewsBytes, threat actors deployed ransomware against Reliance Infrastructure's environment and subsequently exfiltrated and leaked approximately 1.2TB of corporate data. Rather than relying solely on encryption to force payment, the attackers appear to have followed the now-standard double-extortion model: steal first, then leak the data publicly to pressure the victim. The most alarming element of the disclosure is that the stolen trove reportedly contains documents connected to the Kudankulam Nuclear Power Plant, a facility that has previously drawn the attention of state-linked cyber operations. The volume and nature of the leaked material suggest attackers had broad access to internal file shares or document repositories over a sustained period.
What Was Taken
The leaked dataset is reported at approximately 1.2TB, a substantial volume that typically indicates access to bulk file storage rather than a narrow, targeted extraction. The standout category is documentation associated with the Kudankulam Nuclear Power Plant, one of India's flagship nuclear facilities. Depending on the specific contents, such documents could include engineering diagrams, contractor and vendor records, project correspondence, procurement details, or operational documentation. Even administrative and logistical files tied to a nuclear facility carry elevated sensitivity, as they can reveal supply chains, personnel, physical layouts, and third-party relationships that adversaries can weaponize for follow-on targeting.
Why It Matters
This incident sits at the intersection of two high-stakes categories: critical national infrastructure and nuclear-adjacent data. Kudankulam has been a target of interest before, most notably during a 2019 intrusion linked to a state-sponsored group. A 1.2TB leak involving documents tied to the plant raises the prospect that adversaries now hold detailed reference material that could support reconnaissance, social engineering, or targeting of the broader nuclear supply chain. For Reliance Infrastructure, the reputational and regulatory exposure is significant given its role across power, engineering, and infrastructure sectors. For defenders across the industry, it is a reminder that a compromise of a contractor or infrastructure partner can expose data belonging to the most sensitive national assets, even when the flagship facility itself is not directly breached.
The Attack Technique
Specific intrusion details, including the initial access vector and the ransomware family involved, have not been confirmed in the available reporting. However, the pattern is consistent with modern double-extortion ransomware operations. These campaigns commonly begin with phishing, exploitation of internet-facing systems such as VPNs and unpatched edge devices, or the use of stolen or purchased credentials. Once inside, operators typically escalate privileges, move laterally, and stage large volumes of data for exfiltration before deploying encryption payloads. The scale of the leak, roughly 1.2TB, implies the attackers maintained access long enough to identify, collect, and remove bulk file repositories without triggering effective containment.
What Organizations Should Do
- Audit and harden all internet-facing access points, including VPN concentrators, remote access gateways, and edge appliances, and prioritize patching of known-exploited vulnerabilities.
- Enforce phishing-resistant multi-factor authentication on all remote access and privileged accounts to blunt credential-based entry.
- Deploy and tune data loss prevention and egress monitoring to detect large-scale outbound transfers characteristic of pre-encryption exfiltration.
- Segment networks so that sensitive project data, especially anything tied to critical infrastructure or nuclear facilities, is isolated from general corporate file shares.
- Extend security requirements and third-party risk assessments to contractors and partners that handle sensitive infrastructure documentation.
- Maintain tested, offline backups and rehearse incident response and breach-notification procedures so recovery does not depend on attacker cooperation.
Sources: Ransomware attack on Reliance Infrastructure leaks 1.2TB of Kudankulam files