{
	"id": "a2d8f3ff-68dd-4182-b95b-1d7896799176",
	"created_at": "2026-04-06T00:10:33.651487Z",
	"updated_at": "2026-04-10T03:21:13.725197Z",
	"deleted_at": null,
	"sha1_hash": "a8e8df1b95d93ccedbc10cca2a35f1342d43365b",
	"title": "Colt Telecom attack claimed by WarLock ransomware, data up for sale",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2338401,
	"plain_text": "Colt Telecom attack claimed by WarLock ransomware, data up for sale\r\nBy Bill Toulas\r\nPublished: 2025-08-15 · Archived: 2026-04-05 14:22:37 UTC\r\nUK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day\r\noutage of some of the company's operations, including hosting and porting services, Colt Online, and Voice API platforms.\r\nThe British telecommunications and network services provider disclosed that the attack started on August 12 and the\r\ndisruption continues as its IT staff works around the clock to mitigate its effects.\r\nFounded in 1992 as City of London Telecommunications (COLT) and acquired by Fidelity Investments in 2015, Colt is a\r\nmajor telecommunications service provider operating in 30 countries across Europe, Asia, and North America. The\r\ncompany employs 75,000 km of fiber networks linking 900 data centers.\r\nhttps://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nServices still offline\r\nInitially, the company announced a “technical issue” without confirming a cyber incident. However, the nature of the event\r\nwas communicated in subsequent status updates.\r\nThe attack forced the firm to take specific systems offline as a protective measure, which affected the operations of support\r\nservices, including Colt Online and the Voice API platform.\r\nCustomer communication through online portals is currently unavailable, and clients are advised to contact Colt by email or\r\nphone and expect slower-than-usual responses.\r\nThe company underlined that the impacted systems are support services, not the core customer network infrastructure.\r\nAs of today, there is no estimation for restoring affected systems and operations.\r\nColt says it has notified the authorities about the incident without providing any details about the perpetrators or the type of\r\nattack.\r\nWarLock claims the attack\r\nA threat actor using the alias ‘cnkjasdfgd’ and claiming to be a member of the WarLock ransomware gang claimed the attack\r\nand offered to sell for $200,000 a batch of one million documents allegedly stolen from Colt.\r\nSeveral data samples have also been published to prove the validity of the files. According to the threat actor, the stolen files\r\ninclude financial, employee, customer, and executive data, internal emails, and software development information.\r\nThreat actor's post on a hacker forum\r\nSource: KELA\r\nAlthough the telecommunications company did not disclose the cause of the breach, security researcher Kevin Beaumont\r\nsays that the hacker likely managed to gain initial access by exploiting a remote code execution vulnerability in Microsoft\r\nSharePoint tracked as CVE-2025-53770.\r\nThe security issue has been exploited as a zero-day since at least July 18 and is considered critical in severity. Microsoft\r\naddressed it in a security update on July 21.\r\nAccording to Beaumont, the hackers stole a few hundred gigabytes of files with customer data and documentation.\r\nBleepingComputer has contacted Colt to ask for verification of these allegations, and a spokesperson sent us the below\r\ncomment:\r\nhttps://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/\r\nPage 3 of 4\n\n\"We’re aware of claims regarding the cyber incident. We are currently investigating these claims.\"\r\n\"Our technical team is focused on restoring the internal systems impacted by the cyber incident and is working closely with\r\nthird-party cyber experts. We are grateful for our customers’ understanding as we work towards a resolution to fix the\r\nimpacted internal systems.\" - Colt spokesperson\r\nUpdate 8/15 - Added comment from Colt\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/\r\nhttps://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/"
	],
	"report_names": [
		"colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale"
	],
	"threat_actors": [],
	"ts_created_at": 1775434233,
	"ts_updated_at": 1775791273,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a8e8df1b95d93ccedbc10cca2a35f1342d43365b.pdf",
		"text": "https://archive.orkl.eu/a8e8df1b95d93ccedbc10cca2a35f1342d43365b.txt",
		"img": "https://archive.orkl.eu/a8e8df1b95d93ccedbc10cca2a35f1342d43365b.jpg"
	}
}