Colt Telecom attack claimed by WarLock ransomware, data up for sale
What’s new: Colt Technology Services, a UK-based telecommunications company, is experiencing a cyberattack attributed to the WarLock ransomware gang. The attack, which began on August 12, has resulted in a multi-day outage affecting various services, including Colt Online and Voice API platforms. The threat actor claims to have stolen one million documents, including sensitive financial and customer data, and is offering them for sale for $200,000. The attack may have exploited a critical remote code execution vulnerability in Microsoft SharePoint (CVE-2025-53770), which was actively exploited as a zero-day since July 18.
Who’s affected
Colt Technology Services and its customers are impacted by the outage and potential data breach. The company operates in 30 countries and serves numerous clients across Europe, Asia, and North America.
What to do
- Monitor communications from Colt for updates on service restoration and security measures.
- Review internal security protocols and ensure that systems are patched against CVE-2025-53770.
- Prepare to respond to potential phishing attempts or other attacks that may arise due to the breach.
