UK telecoms firm takes systems offline after cyber attack
Briefly

Colt Technology Services was targeted by the Warlock ransomware group, which began its attack on August 12. The company confirmed that the impacted system was distinct from customer services. Immediate actions were taken to secure customer and business data, leading to the shutdown of several services, including the Colt Online portal. Security researcher Kevin Beaumont identified that the entry point was likely through a SharePoint vulnerability that permits remote code execution. Warlock allegedly stole significant data and is offering it for sale on a Tor forum.
Colt Technology Services has suffered a cyber attack claimed by the Warlock ransomware gang, impacting internal systems but separate from customer infrastructure.
The attack appears to involve exploitation of the SharePoint vulnerability CVE-2025-53770, potentially allowing attackers to execute remote code and steal cryptographic keys.
The Warlock ransomware group reportedly stole several hundred gigabytes of data, offering a significant amount of sensitive information for sale on a Russian Tor forum.
The stolen data includes employee salary and financial information, customer contracts, personal information, and software development documentation.
Read at IT Pro
[
|
]