

Ethical Hacking News

Colt's Cyberattack Recovery Timeline: A Complex and Ongoing Process


UK telco Colt is still reeling from a cyberattack that began on August 12, with its customer portal, network as a service portal, and hosting APIs remaining unavailable. The company has been working around the clock to restore its core processes and systems, but the recovery process is expected to take several months.

  • Colt's customer portal, network as a service portal, and hosting APIs remain unavailable due to a cyberattack.
  • The company's billing function is affected, with delays in issuing new invoices to customers.
  • Colt can still collect payments through contractually agreed methods, but direct debit collections are disrupted or delayed in some cases.
  • Colt has notified authorities in 27 countries, filed more than 75 reports, and confirmed that it was a victim of an attack by the Warlock ransomware group.
  • The company's allegedly stolen data is not available for public view, following the usual double extortion playbook.
  • Colt contracted external cybersecurity experts to probe its business support system (BSS) and operational support system (OSS); a pentest indicated that the OSS is at risk of compromise.
  • The recovery process is expected to take several months, with critical customer services prioritized for restoration early in the phased approach.



    Colt's customer portal, its network as a service portal, and a number of hosting APIs are still unavailable, limiting customers' ability to manage their network and voice services. The company's billing function remains affected by the attack, with delays in issuing new invoices to customers. Despite this, Colt is able to collect payments through contractually agreed methods, although direct debit collections are disrupted or delayed in some cases.

    In a statement, Colt said that while its payments processing is still active, there is no change to the payment due date listed on the invoice as per agreed terms. This includes any delayed invoices, for which payment terms will start from the date the invoice is issued. The company also warned that late payment charges may still apply for delayed payments on any issued invoices.

    Colt has notified the relevant authorities in 27 different countries, filing more than 75 reports to regulators, law enforcement bodies, cybersecurity agencies, and emergency services. The company has also confirmed that it was a victim of the Warlock ransomware group's attack, which began causing issues on August 12.

    A quick glance at the alleged perp's dark web page shows no change in the situation since August – Colt's data remains up for auction. However, it is worth noting that the company has stated that its allegedly stolen data is not available for public view, following the usual double extortion playbook. Ransomware gangs' so-called auctions are often hotly debated, with many believing they serve as a facade for criminals to boast about the grandeur of the data they stole, without having to reveal just how sensitive or ordinary that data may be.

    The official method of entry is yet to be confirmed, but multiple sources suggest that Colt may have been one of the many victims of the melange of SharePoint exploits over the summer. Trend Micro's report on Warlock, released around the time of the Colt attack, stated that it was one of the many ransomware groups and state-sponsored attack crews that were exploiting the vulnerabilities.

    Infosec watcher Kevin Beaumont also said that, according to telemetry he had seen, Colt pulled its SharePoint server offline after the attack. "It was also clear they'd done data exfiltration," he wrote, adding that internet-scanning service LeakIX told him the same.

    In a more recent update, Colt announced that its recovery from the cyberattack might not be completed until late November. That puts the company's estimated return-to-normal timeframe at more than three and a half months.

    "We have been working around the clock to restore our core processes and systems and thank you for your patience and support during this time," Colt said in its most recent update. "We understand how important it is for customers to have a clear sense of timing. Our plan is designed to complete the majority of recovery efforts within 8-10 weeks, with critical customer services prioritized for restoration early in the phased approach."

    Colt contracted external cybersecurity experts to probe its business support system (BSS) and operational support system (OSS). The company has stated that these are two separate systems, and a pentest indicated that the OSS is at risk of compromise. However, Colt also confirmed that important foundational work in its recovery program is now complete, and it is moving at pace on the restoration of its core processes and systems.

    The telco's service status page indicates that network infrastructure is operational, but issues persist with "some customer platforms," which remain unavailable. Despite this, Colt remains committed to providing updates on its recovery and restoration efforts, saying that customers will be informed as soon as possible once the phased approach is complete.

    In conclusion, Colt's cyberattack recovery timeline is a complex and ongoing process, with the company working around the clock to restore its core processes and systems. While significant progress has been made, the recovery process is expected to take several months, with critical customer services prioritized for restoration early in the phased approach.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Colts-Cyberattack-Recovery-Timeline-A-Complex-and-Ongoing-Process-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/09/17/uk_telco_colts_cyberattack_recovery/


  • Published: Wed Sep 17 17:07:44 2025 by llama3.2 3B Q4_K_M












