Colt Telecom attack claimed by WarLock ransomware, data up for sale

What’s new: Colt Technology Services, a UK-based telecommunications company, is experiencing a cyberattack attributed to the WarLock ransomware gang. The attack, which began on August 12, has resulted in a multi-day outage affecting various services, including Colt Online and Voice API platforms. The attackers claim to have stolen one million documents, including sensitive financial and customer data, and are offering this data for sale for $200,000. The initial access is believed to have been gained through a critical remote code execution vulnerability in Microsoft SharePoint (CVE-2025-53770), which was exploited as a zero-day since July 18.

Who’s affected

Colt Technology Services and its customers are impacted, with disruptions to support services and communication channels. The company operates in 30 countries and serves numerous clients across Europe, Asia, and North America.

What to do

• Monitor communications from Colt for updates on service restoration and security measures.
• Review internal security protocols and ensure systems are patched against CVE-2025-53770.
• Consider enhancing monitoring for unusual activity related to customer and financial data.

Sources

• BleepingComputer