WarLock claims responsibility for Colt cyberattack, 1M documents for sale

Last week, telecom company Colt Technology Services was hit by a major cyberattack. Now the alleged perpetrators have been identified: WarLock. The method used in the attack also appears to be clear.

A member of the WarLock hacker group has claimed responsibility for the Colt attack. The username is “cnkjasdfgd”; the user claims that one million documents are for sale for $200,000. To prove that the data is legitimate, cnkjasdfgd has already uploaded a sample. It concerns salary data and other financial data, data relating to contracts, personnel, network architecture, the development environment, and emails.

Only internal systems are said to have been affected. Customer data has not been compromised because the systems containing such data are separate from the infrastructure intended for internal use.

SharePoint attack path

It was already known that Microsoft SharePoint vulnerabilities are popular with WarLock ransomware. A recently patched ToolShell zero-day exploit remains a threat to hundreds of SharePoint servers. CVE-2025-53770 is the specific vulnerability. According to security researcher Kevin Beaumont, the attacker enabled remote code execution via the exploit.

Colt told BleepingComputer that it is aware of the WarLock claim and is investigating it. It is unknown whether any ransomware ransom has been demanded or paid. Colt’s customer portal is still offline, including Colt Online and the Voice API platform. Email and telephone contact remain possible.

Daily recovery work

In the first few days after the incident, Colt communicated cautiously about the exact nature of the problem. It was only later confirmed that it was indeed a cyber incident and not a regular technical malfunction.

Since discovering the incident, Colt has been working with external cybersecurity experts on the recovery. The technical team is doing everything possible to get the affected systems back up and running.

Colt has informed the relevant authorities about the incident, as required for such security incidents. The company emphasizes that the safety of its customers, employees, and business operations is its top priority.

WarLock claims responsibility for Colt cyberattack, 1M documents for sale

SharePoint attack path

Daily recovery work

Stay tuned, subscribe!

Dutch lab paid off cybercriminals, but full-scale data leak looms

Amid digital sovereignty concerns, SUSE’s CEO sees opportunities ahead

Connected from curb to gate at Harry Reid International Airport

Rise with SAP vs Grow with SAP: the different SAP ERP journeys

What does HPE Financial Services do?

SAP Sapphire Orlando: Unveiling a new pricing strategy

HPE's rise as a credible virtualization player started with Morpheus acquisition

Meeting future workload demands: the case for emerging memory technologies

How AI and automation are redefining ROI in the enterprise

Enhancing video encoding: The AV1 support in the new ARTPEC-9 System-on-Chip

NULLCON Berlin 2025

bit summit

GITEX DIGI_HEALTH 5.0 - Thailand

VeeamON Tour 2025

IT Arena

Innovation Week 2025

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices