UK telecoms firm Colt Technology Services has been hit by a cyber attack that's been claimed by the Warlock ransomware gang.
The incident first unfolded on Tuesday 12th August, when the company detected issues on an internal system. In a blog post confirming the cyber attack, the company said the affected system is separate from customer infrastructure.
"We took immediate protective measures to ensure the security of our customers, colleagues, and business, and we proactively notified the relevant authorities," said the firm.
The company also took some systems offline, disrupting support services including the Colt Online customer portal and the company's Voice API platform, which allows customers to automate and manage their voice services.
Colt Technology Services asking customers to get in touch via email or phone.
It's not known just how the attack happened, but according to security researcher Kevin Beaumont, the entry point was probably sharehelp.colt.net, via the SharePoint vulnerability CVE-2025-53770.
This allows attackers to steal cryptographic keys from unpatched servers, enabling remote code execution (RCE) through malicious requests.
Beaumont said the attack appears to have been carried out by the Warlock ransomware group - a recent arrival on the scene, but a group that's already been linked to around a dozen confirmed cyber attacks, mainly in the government, finance, manufacturing, and technology sectors.
In this latest attack, said Beaumont, Warlock stole 'a few hundred gig' of customer data and documentation and posted a file list on a Russian Tor forum offering the data for sale.
The group said it was selling a million documents, including employee salary data, financial data, customer contract data, personal information on company executives and employees, network architecture, and software development data.
Beaumont said he has established that the file names are real, including, for example, customer documentation and performance reviews of Colt staff.
Colt is the latest telecoms firm hit by hackers
The incident is the latest in a string of attacks on telecoms companies across Europe, with French providers Orange and Bouygues Telecom both hit during the last month alone.
French cybersecurity agency ANSSI issued a warning about state-sponsored threats targeting the country’s telecommunications sector for espionage, saying there had been multiple compromises in recent years.
Similar attacks on US phone providers have been attributed to the China-linked Salt Typhoon hacking group.
"We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see," commented Gabrielle Hempel, security operations strategist at Exabeam.
"There’s this operational ripple effect when you’re a service provider and support-layer services go down. Even though Colt claims its core network infrastructure is still intact, the outage of hosting, porting, and API services still disrupts customer trust and downstream operations."
Patch timelines need to improve, Hempel added, so that SharePoint RCE or similarly severe vulnerabilities for externally accessible systems dealt with within hours, not weeks.
"For critical infrastructure providers, RCE patch pipelines need to be prioritized and automated wherever possible for internet-facing services," she said.
"Essentially, in high-value and high-availability industries like telecom, security SLAs need to be as strict, if not stricter, than availability SLAs."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The pros and cons of AI coding in ITIn-depth Businesses must weigh up the benefits, challenges, and key considerations when using generative AI coding tools
-
Huawei is supporting businesses when it comes to strategic AI adoptionThe lessons of digital and intelligent transformation, with help from partners like Huawei, can offer a roadmap for how to implement AI
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
