Customers of Colt confront continued service disruptions following a significant cyber attack
Colt Technology Services, a leading global provider of network and communications solutions, is currently experiencing a cyber incident. The attack, which was first disclosed on August 14, 2025, has forced the company to temporarily shut down some of its services.
The incident involves a breach of an internal system at Colt Technology Services. According to security researcher Kevin Beaumont, the attack may have originated from activity targeting the company's SharePoint servers. Through his analysis of Shodan scan data, Beaumont found IP addresses linked to cybercriminal operations probing Colt's systems before the attack.
The cyberattack on Colt Technology Services has been claimed by the Warlock ransomware group. The group asserted that it stole one million documents and demanded a ransom of $200,000. The attack exploited a critical Microsoft SharePoint vulnerability known as CVE-2025-53770, which is one of the two vulnerabilities involved in the 'ToolShell' exploit chain.
The stolen documents include financial records, employee and customer data, executive communications, internal emails, and proprietary software development files. Some systems at Colt Technology Services have been taken offline in response to the incident. The disrupted services include hosting and porting services, Colt Online, and Voice API platforms. Both Colt Online and Voice API platforms are currently unavailable to customers.
To substantiate the breach claim, a sample of 400,000 files has been released. According to Beaumont, the filenames included in the sample appear to be from real Colt-related files. A user on the RAMP hacker forum, claiming to be affiliated with Warlock, posted that they were selling one million stolen documents from Colt for $200,000.
Ransomware monitoring platforms Ransomware.live and RansomLook detected that the Warlock ransomware group claimed responsibility for the breach on August 16. Customers have been advised to contact Colt Technology Services via email or phone if they need to get in touch. The affected internal system was disconnected from the customer-facing infrastructure.
Public records indicate that Colt rushed to implement firewall protections for its EU infrastructure on the same day it first disclosed technical disruptions. As of now, the extent of the damage and the recovery process are still being assessed. The company is working closely with cybersecurity experts to investigate the incident and restore services as quickly as possible.