Customers of Colt Experience Long-Term Service Disruptions Following Severe Cyber Attack
In an unexpected turn of events, Colt Technology Services is currently grappling with a cyber incident that has forced the company to temporarily shut down some of its services. The incident, which occurred on August 14, has disrupted Colt's internal systems and customer services, including the customer portal and Voice API platform.
The disruption of services includes hosting and porting services, as well as the Colt Online platform. Customers have been advised to contact Colt Technology Services via email or phone if they need to get in touch.
The Warlock ransomware group has claimed responsibility for the breach, announcing the incident on August 16. Ransomware monitoring platforms Ransomware.live and RansomLook have also confirmed this claim.
The documents allegedly stolen from Colt include financial records, employee and customer data, executive communications, internal emails, and proprietary software development files. The internal system that was breached was disconnected from customer-facing infrastructure.
The breach at Colt Technology Services may have originated from activity targeting the company's SharePoint servers. The servers were abruptly taken offline, with evidence suggesting possible webshell implants. Webshell implants are a common tactic for maintaining unauthorized access.
Security researcher Kevin Beaumont found IP addresses linked to cybercriminal operations probing Colt's systems before the attack through his analysis of Shodan scan data. Beaumont also suggested that the incident potentially exploited CVE-2025-53770, a vulnerability involved in the 'ToolShell' exploit chain.
In response to the incident, some systems at Colt Technology Services have been taken offline, and the company has rushed to implement firewall protections for its EU infrastructure. A podcast titled "ToolShell Deep Dive - The SharePoint Exploit Crisis Uncovered" is available for listening, providing further insights into the incident.
As the situation unfolds, Colt Technology Services continues to work diligently to restore its services and protect its customers' data. The company encourages anyone with concerns or questions to reach out via the contact information provided.
