Colt Technology faces multi-day outage after WarLock ransomware attack
WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12.
UK-based Colt Technology Services suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services.
Colt, officially known as Colt Technology Services Group Limited, is a multinational telecommunications company headquartered in London, United Kingdom. It was founded in 1992 as City Of London Telecommunications and initially focused on building a telecoms network in London. Over time, Colt expanded its operations across Europe, Asia, and North America.
The compant specializes in providing high-performance connectivity and communication solutions for businesses. Its services include data, voice, cloud, and managed IT services, with a focus on delivering scalable, secure, and reliable network infrastructure. Colt owns and operates a large fiber-optic network connecting thousands of buildings across multiple cities and countries through metropolitan and long-haul networks.
The firm serves a wide range of business clients, from large multinational corporations to smaller enterprises, and operates in over 40 countries with more than 6,000 employees. Colt is known for its strong commitment to customer service, innovation, and sustainability.
Threat actors put stolen data up for sale. The incident began on August 12, and disruptions persist as the company’s IT teams work nonstop to contain the impact and restore affected systems.
Colt initially described the disruption as a “technical issue” but later confirmed it was a cyberattack. The firm shut down systems to mitigate the threat. The company pointed out that Core network infrastructure was not impacted. The company has notified authorities but shared no technical details on the attack, and there is still no timeline for restoring operations.
The popular cybersecurity expert Kevin Beaumontbelieves that threat actors likely breached sharehelp.colt.net via Microsoft SharePoint flaw CVE-2025-53770, then remained within its network for over a week. The researcher also speculates that Colt is trying to cover it up.
A WarLock affiliate, “cnkjasdfgd,” claimed the attack, offering 1M stolen documents for $200K, including financial, employee, customer, and internal data.
Follow me on Twitter:@securityaffairsandFacebookandMastodon
(SecurityAffairs–hacking,WarLock ransomware)