UK telecoms firm Colt Technology Services has been hit by a cyber attack that's been claimed by the Warlock ransomware gang.
The incident first unfolded on Tuesday 12th August, when the company detected issues on an internal system. In a blog post confirming the cyber attack, the company said the affected system is separate from customer infrastructure.
"We took immediate protective measures to ensure the security of our customers, colleagues, and business, and we proactively notified the relevant authorities," said the firm.
The company also took some systems offline, disrupting support services including the Colt Online customer portal and the company's Voice API platform, which allows customers to automate and manage their voice services.
Colt Technology Services asking customers to get in touch via email or phone.
It's not known just how the attack happened, but according to security researcher Kevin Beaumont, the entry point was probably sharehelp.colt.net, via the SharePoint vulnerability CVE-2025-53770.
This allows attackers to steal cryptographic keys from unpatched servers, enabling remote code execution (RCE) through malicious requests.
Beaumont said the attack appears to have been carried out by the Warlock ransomware group - a recent arrival on the scene, but a group that's already been linked to around a dozen confirmed cyber attacks, mainly in the government, finance, manufacturing, and technology sectors.
In this latest attack, said Beaumont, Warlock stole 'a few hundred gig' of customer data and documentation and posted a file list on a Russian Tor forum offering the data for sale.
The group said it was selling a million documents, including employee salary data, financial data, customer contract data, personal information on company executives and employees, network architecture, and software development data.
Beaumont said he has established that the file names are real, including, for example, customer documentation and performance reviews of Colt staff.
Colt is the latest telecoms firm hit by hackers
The incident is the latest in a string of attacks on telecoms companies across Europe, with French providers Orange and Bouygues Telecom both hit during the last month alone.
French cybersecurity agency ANSSI issued a warning about state-sponsored threats targeting the country’s telecommunications sector for espionage, saying there had been multiple compromises in recent years.
Similar attacks on US phone providers have been attributed to the China-linked Salt Typhoon hacking group.
"We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see," commented Gabrielle Hempel, security operations strategist at Exabeam.
"There’s this operational ripple effect when you’re a service provider and support-layer services go down. Even though Colt claims its core network infrastructure is still intact, the outage of hosting, porting, and API services still disrupts customer trust and downstream operations."
Patch timelines need to improve, Hempel added, so that SharePoint RCE or similarly severe vulnerabilities for externally accessible systems dealt with within hours, not weeks.
"For critical infrastructure providers, RCE patch pipelines need to be prioritized and automated wherever possible for internet-facing services," she said.
"Essentially, in high-value and high-availability industries like telecom, security SLAs need to be as strict, if not stricter, than availability SLAs."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Google wants to take hackers to courtNews You don't have a package waiting for you, it's a scam – and Google is fighting back
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
