Colt Technology Services confirmed a data breach by the WarLock ransomware group; the company is working to restore disrupted systems.
Colt Technology Services confirmed that threat actors breached its systems and stole some data. The telecoms company is working to restore disrupted systems.
Colt, officially known as Colt Technology Services Group Limited, is a multinational telecommunications company headquartered in London, United Kingdom. It was founded in 1992 as City Of London Telecommunications and initially focused on building a telecoms network in London. Over time, Colt expanded its operations across Europe, Asia, and North America.
The company specializes in providing high-performance connectivity and communication solutions for businesses. Its services include data, voice, cloud, and managed IT services, with a focus on delivering scalable, secure, and reliable network infrastructure. Colt owns and operates a large fiber-optic network connecting thousands of buildings across multiple cities and countries through metropolitan and long-haul networks.
The firm serves a wide range of business clients, from large multinational corporations to smaller enterprises, and operates in over 40 countries with more than 6,000 employees. Colt is known for its strong commitment to customer service, innovation, and sustainability.
Last week, the UK-based company suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services.
Threat actors put stolen data up for sale on the Ramp cybercrime forum. The incident began on August 12, and disruptions persist as the company’s IT teams work nonstop to contain the impact and restore affected systems.
Colt initially described the disruption as a “technical issue” but later confirmed it was a cyberattack. The firm shut down systems to mitigate the threat. The company pointed out that Core network infrastructure was not impacted. The company has notified authorities but shared no technical details on the attack, and there is still no timeline for restoring operations.
The popular cybersecurity expert Kevin Beaumont believes that threat actors likely breached sharehelp.colt.net via Microsoft SharePoint flaw CVE-2025-53770, then remained within its network for over a week. The researcher also speculates that Colt is trying to cover it up.
A WarLock affiliate, “cnkjasdfgd,” claimed the attack, offering 1M stolen documents for $200K, including financial, employee, customer, and internal data.
“We recently experienced a cyber incident on a business support system, which is separate to our customers’ infrastructure. Upon detecting the incident, we immediately took steps to contain and investigate the issue.” reads the latest update published on August 21, 2025.
“We are now aware that the threat actor has accessed certain files that may contain data related to our customers. Our immediate priority is to determine the precise nature of the files and what information they contain.”
The Warlock Group (aka Storm-2603) is a Chinese-linked ransomware gang that has been active since at least March 2025, using leaked LockBit and Babuk encryptors. Initially mimicking LockBit ransom notes, they later rebranded with their sites and tools. Their ransom demands vary widely, from hundreds of thousands 450K to several million dollars.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, WarLock ransomware)
