Ethical Hacking News
UK-based telecommunications company Colt Technology Services is dealing with a multi-day outage of its operations, including hosting and porting services, following a ransomware attack allegedly carried out by the WarLock ransomware gang. The breach resulted in significant disruptions to customer communication and the theft of substantial amounts of data, including financial records and internal emails. Despite efforts to mitigate the effects, there remains no clear timeline for restoring affected systems and operations.
Colt Technology Services is facing a multi-day outage affecting its operations, hosting and porting services, and online platforms. The company's IT staff is working around the clock to mitigate the effects of the disruption. Colt has grown into a major telecommunications service provider with an impressive network of 75,000 km of fiber networks linking over 900 data centers. The outage is attributed to a cyberattack that resulted in significant data theft, including financial records and customer details. Threat actor 'cnkjasdfgd' claimed responsibility for the attack, which allegedly stole one million documents worth $200,000. Microsoft SharePoint vulnerability CVE-2025-53770 was exploited by hackers to gain initial access to Colt's systems.
In a recent turn of events, UK-based telecommunications company Colt Technology Services has been grappling with a multi-day outage of some of its operations, including hosting and porting services, as well as its online platforms. The disruption began on August 12, and the company's IT staff is working around the clock to mitigate its effects.
Founded in 1992 under the name City of London Telecommunications (COLT), Colt has since grown into a major telecommunications service provider operating in 30 countries across Europe, Asia, and North America. The company boasts an impressive network of 75,000 kilometers of fiber networks linking over 900 data centers. Despite its substantial size and reach, however, the company is currently facing significant challenges.
Initially, Colt attributed the issue to a "technical problem" without providing further details or confirming a cyberattack. Only in subsequent updates was the true nature of the event revealed, with the company acknowledging that it was indeed a cyber incident, albeit one that has been somewhat downplayed.
In the aftermath of the attack, Colt took certain services offline as a precautionary measure to protect its systems. Unfortunately for the company's customers, this disrupted support services such as the Colt Online and Voice API platforms.
The impact on customer communication was also significant, with online portals currently unavailable and clients advised to reach out to Colt via email or phone. The company emphasized that the affected systems are merely support services, not the core infrastructure, but this has done little to alleviate concerns among its customers.
Interestingly, Colt did notify the authorities about the incident without providing any details regarding the perpetrators or the type of attack itself. This lack of transparency has led some to speculate on the nature of the attack and who might be behind it.
A particularly striking aspect of the situation is the claim made by a threat actor using the alias 'cnkjasdfgd' and self-identifying as a member of the WarLock ransomware gang. According to this individual, Colt was targeted by the group, which allegedly stole a considerable amount of data during the attack. This data, including financial records, employee information, customer details, internal emails, and software development files, is now being offered for sale on the black market.
Several data samples have been published to corroborate the authenticity of the stolen files, highlighting the scope of the breach. The data, consisting of one million documents, is estimated to be worth $200,000.
Security researcher Kevin Beaumont has shed some light on the method allegedly used by the hackers to gain initial access to Colt's systems. Beaumont suggests that the hackers exploited a remote code execution vulnerability in Microsoft SharePoint tracked as CVE-2025-53770. The vulnerability has been exploited as a zero-day since at least July 18, and Microsoft addressed it with a security update on July 21.
While the full extent of the breach is still unknown, Beaumont has confirmed that a few hundred gigabytes of files containing customer data and documentation were stolen during the attack. BleepingComputer contacted Colt to confirm these allegations but did not receive an immediate response.
Related Information:
https://www.ethicalhackingnews.com/articles/Colt-Telecom-Suffers-Multiday-Outage-Due-to-Ransomware-Attack-Allegedly-Claimed-by-WarLock-Group-ehn.shtml
https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/
https://www.theregister.com/2025/08/15/london_telco_colts_services_disrupted/
https://nvd.nist.gov/vuln/detail/CVE-2025-53770
https://www.cvedetails.com/cve/CVE-2025-53770/
Published: Fri Aug 15 11:32:26 2025 by llama3.2 3B Q4_K_M