Colt Technology Services is battling a serious ransomware attack that has caused ongoing outages and sparked data breach fears.
Quick Summary – TLDR:
- Colt confirmed a cyberattack began on August 12, leading to outages in key systems including Colt Online and Voice API.
- WarLock ransomware group claims responsibility, offering to sell 1 million stolen documents for $200,000.
- Cybersecurity experts suggest a Microsoft SharePoint vulnerability may have been the entry point.
- Colt says its core network remains unaffected but has not provided a recovery timeline.
What Happened?
UK-based telecom provider Colt Technology Services was hit by a ransomware attack allegedly linked to the WarLock group, beginning on August 12. The breach triggered multi-day outages across customer-facing platforms such as Colt Online, hosting, porting, and Voice API services. While the company initially called it a technical issue, it later acknowledged it was a cyber incident.

Colt Faces Critical Disruption
Colt is a global communications provider with a 75,000 km fiber network and operations in over 30 countries, supporting both small businesses and large enterprises. Founded in 1992 and now owned by Fidelity Investments, Colt plays a significant role in delivering secure and high-performance data, voice, cloud, and IT services.
On August 12, customers began experiencing service disruptions. The affected services remain down, and Colt has urged clients to use email or phone to reach support teams. The company stressed that the core infrastructure used to deliver customer services remains unaffected. However, the inability to access support services through portals has frustrated many users.
Ransomware Group WarLock Claims the Attack
The WarLock ransomware gang claimed responsibility for the breach through its dark web site, posting samples of allegedly stolen documents and demanding $200,000 for the full set. A threat actor using the alias “cnkjasdfgd” claimed the loot includes:
- Financial records
- Employee salary data
- Customer contact information
- Internal executive details
- Emails and software development documents
Cybersecurity analyst Kevin Beaumont reviewed a leaked list of 400,000 filenames, confirming it contained genuine Colt documentation and staff evaluations.
Microsoft SharePoint Flaw May Be the Backdoor
Beaumont suspects the attackers exploited a critical remote code execution vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, also referred to as ToolShell. This flaw had been actively exploited as a zero-day since mid-July and was patched by Microsoft on July 21. Colt’s sharehelp.colt.net portal was exposed to the internet, which may have been the breach point.
Remote code execution on an internet-exposed server of this kind allows attackers to quietly infiltrate internal systems. Beaumont believes the attackers remained in the network for over a week before launching the ransomware.
Ongoing Investigation and Limited Transparency
Colt has provided minimal technical detail about the attack. It confirmed that authorities have been notified and that a 24/7 investigation is ongoing with help from external cybersecurity experts and forensic analysts.
In multiple statements, Colt emphasized its commitment to restoring internal systems and thanked customers for their patience. The company continues to manually monitor networks and manage incidents while automated tools remain offline.
SQ Magazine Takeaway
Let me be blunt. This is a mess. Colt’s delayed disclosure and vague updates raise questions about transparency. A ransomware gang is parading 1 million files on the dark web, and we still don’t know how deep this breach goes. If Kevin Beaumont’s analysis is right, this was a preventable disaster that came through a known SharePoint vulnerability. For a company trusted with massive global infrastructure, that’s not a small mistake. This isn’t just about downtime; it’s about losing trust in an era when secure communication is everything.