

Ethical Hacking News

Colt Telecom's Cybersecurity Nightmare: A Descent into Data Theft and Auctions




Colt Telecom has been hit by a major cyber attack, leaving its customer portal and Voice API platform offline. In a shocking twist, the attackers have stolen valuable customer data, which they are now auctioning off on the dark web. As the company works to restore its services, it remains unclear how much data was stolen and what motivated the attackers.

  • UK-based telecommunications company Colt Technology Services suffered a devastating cyberattack that left its customer portal and Voice API platform offline.
  • The attackers stole valuable customer data, which is now being auctioned off on the dark web.
  • Colt has admitted to the data theft but claims not to know the extent of the impact yet.
  • The attackers are identified as the Warlock ransomware group, known for exploiting widely patched vulnerabilities.
  • Warlock has opted not to leak the stolen data online, raising questions about their motivations.
  • Colt's recovery efforts are ongoing, with no estimated return-to-normal operations date provided.



    In a shocking turn of events, UK-based telecommunications company Colt Technology Services has found itself embroiled in a cybersecurity scandal that threatens to undermine the trust of its customers. The company, which provides various telecommunications services to businesses and individuals across the globe, recently suffered a devastating cyberattack that left its customer portal and Voice API platform offline. However, what is even more astonishing is that the attackers, who claim responsibility for the attack, have stolen valuable customer data, which they are now auctioning off on the dark web.

    According to reports, Colt's systems were disrupted by the cyberattack on August 12, with the company confirming suspicions of foul play just three days later. Since then, the company has been working tirelessly to restore its services and mitigate the damage caused by the attack. However, in a surprising twist, Colt has recently admitted that data was stolen during the attack, but the exact extent of the theft remains unknown.

    In an FAQ section on their website, Colt explained that "some data has been taken" and that they are working to determine the precise nature of the data impacted and notify any affected parties. The company has also offered customers the opportunity to request the full list of file names that were posted to the dark web, a move that is seen as potentially unusual, given that the files are not currently available on Warlock's page.

    The attackers, who claim responsibility for the attack, are the Warlock ransomware group, which has been known to exploit widely patched vulnerabilities, including the now-patched SharePoint bugs. Researchers at Trend Micro published research into Warlock this week, noting that the group was one of the ransomware and state-sponsored groups exploiting these vulnerabilities against various organizations.

    Trend Micro did not name Colt specifically among Warlock's victims, but the fact that multiple experts say the group is a known abuser of these flaws lends weight to the claims made by infosec watcher Kevin Beaumont in the early days of the Colt attack. According to Beaumont, the method of entry into Colt's systems was through the widely exploited SharePoint vulnerabilities.

    It appears that Warlock burst onto the ransomware scene in June after advertising its wares on RAMP, the Russian cybercrime forum. The group appealed to cybercriminals by encouraging them to contact the group if they wanted to own a Lamborghini, and quickly racked up a healthy list of victims – half of which were government agencies.

    The attackers chose to auction off the data rather than extort Colt directly. This is an uncommon tactic for ransomware groups, but not unheard of. One high-profile case in recent years was RansomHub's raid on auctioneering giant Christie's.

    However, unlike other ransomware groups that leak their stolen data online to boast about their exploits, Warlock has opted not to do so. This raises questions about the motivations behind the group's actions and whether they are simply trying to sell the data privately or if there is a more sinister purpose at play.

    The fact that Colt has not provided an estimated date by which it will return to normal operations adds to the uncertainty surrounding the situation. The company's dedicated incident response team, including external investigators and forensic experts, is working 24/7 to investigate this incident and is working closely with law enforcement agencies as part of their investigation.

    As the situation unfolds, one thing is clear: Colt's cybersecurity nightmare has left the company facing a daunting task in restoring trust among its customers. The question on everyone's mind is what will happen next, and whether Colt will be able to recover from this devastating cyberattack.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Colt-Telecoms-Cybersecurity-Nightmare-A-Descent-into-Data-Theft-and-Auctions-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/08/21/colt_warlock_auction/


  • Published: Thu Aug 21 08:03:26 2025 by llama3.2 3B Q4_K_M












