Date: 2025-08-18

Last week, telecom company Colt Technology Services was hit by a major cyberattack. Now the alleged perpetrators have been identified: WarLock. The method used in the attack also appears to be clear.

A member of the WarLock hacker group has claimed responsibility for the Colt attack. The user, who goes by the username “cnkjasdfgd”, claims that one million documents are for sale for $200,000. To prove that the data is legitimate, cnkjasdfgd has already uploaded a sample. It contains salary data and other financial data, as well as data relating to contracts, personnel, network architecture, the development environment, and emails.

Only internal systems are said to have been affected. Customer data has not been compromised because the systems containing such data are separate from the infrastructure intended for internal use.

SharePoint attack path

Microsoft SharePoint vulnerabilities were already known to be popular with WarLock ransomware. A recently patched ToolShell zero-day exploit remains a threat to hundreds of SharePoint servers. The specific vulnerability is CVE-2025-53770. According to security researcher Kevin Beaumont, the attacker gained remote code execution via the exploit.

Colt told BleepingComputer that it is aware of the WarLock claim and is investigating it. It is unknown whether a ransom has been demanded or paid. Colt’s customer portal is still offline, including Colt Online and the Voice API platform. Email and telephone contact remain possible.

Daily recovery work

In the first few days after the incident, Colt communicated cautiously about the exact nature of the problem. It was only later confirmed that it was indeed a cyber incident and not a regular technical malfunction.

Since discovering the incident, Colt has been working with external cybersecurity experts on the recovery. The technical team is doing everything possible to get the affected systems back up and running.

Colt has informed the relevant authorities about the incident, as required for such security incidents. The company emphasizes that the safety of its customers, employees, and business operations is its top priority.

