WarLock Ransomware Claims Colt Telecom Attack, Sells Stolen Data
▼ Summary
– Colt Technology Services is experiencing a multi-day outage due to a cyberattack affecting hosting, porting, Colt Online, and Voice API platforms.
– The attack began on August 12, and the company is working to mitigate its effects, with no estimated restoration time for affected systems.
– A threat actor claiming to be part of the WarLock ransomware gang offered to sell stolen Colt documents, including financial, employee, and customer data.
– Security researcher Kevin Beaumont suggests the breach may have exploited a critical Microsoft SharePoint vulnerability (CVE-2025-53770).
– Colt confirmed it is investigating the claims and working with third-party experts to restore impacted internal systems.
UK telecommunications giant Colt Technology Services is grappling with a significant cyberattack that has disrupted critical operations for multiple days, with hackers now attempting to sell stolen company data. The incident, which began on August 12, has forced the company to take key systems offline, impacting hosting services, customer portals, and voice API platforms.
Colt, a major player in global telecom infrastructure with extensive fiber networks spanning 75,000 km, initially described the event as a “technical issue” before confirming a cybersecurity breach. While core network services remain functional, internal support systems, including Colt Online and Voice API, remain inaccessible. Customers have been advised to use alternative contact methods, with delays expected in response times.
The ransomware group WarLock has claimed responsibility for the attack, with a member using the alias ‘cnkjasdfgd’ offering to sell one million allegedly stolen documents for $200,000. Samples posted on hacker forums reportedly include sensitive financial records, employee details, executive communications, and proprietary software data. Security analysts suggest the breach may have originated from an exploited vulnerability in Microsoft SharePoint (CVE-2025-53770), a critical flaw patched in late July after being actively exploited as a zero-day.
Colt has not yet confirmed the ransomware group’s claims but acknowledged an ongoing investigation involving third-party cybersecurity experts. A company spokesperson stated, “We’re aware of the allegations and are working to restore affected internal systems while prioritizing customer service continuity.” Authorities have been notified, though no timeline has been provided for full system recovery.
The incident highlights the growing risks facing critical infrastructure providers, particularly those managing vast data center networks. With WarLock’s public data dump and ransom demand, the breach could have far-reaching implications for Colt’s clients and partners if sensitive information is further disseminated.
(Source: Bleeping Computer)
