- Colt has updated its status page to confirm data exfiltration
- It is currently examining what type of information was stolen
- Warlock is selling the archives for $200.00
Colt Technology Services has confirmed that sensitive customer data was stolen in a recent cyberattack and is now being sold online.
Customers of the British telecommunications company recently complained after being unable to access some of its services, and shortly after, the company said that it had been forced to shut down certain parts of its infrastructure due to an ongoing attack.
At the time, the company did not discuss the identity of the attackers or whether they had stolen files, but a ransomware group known as Warlock has now claimed to be behind the attack, and has already started selling a database of a million files on the dark web for $200,000.
Attacking SharePoint servers
Now Colt seems to have confirmed these reports, at least in part.
“Thanks to our in-depth investigation, we have determined that certain data has been taken,” said an updated announcement. “Our priority is to determine at the rate the precise nature of the data which is affected and to notify all the parties concerned.”
Warlock says the archives contain financial information, network architecture data and customer information. If these claims prove true, the archives are a treasure trove for criminals, who can use them for phishing, identity theft and even wire fraud.
Colt customers can ask the dedicated call center for a list of the file names published on the dark web.
Warlock is a Chinese group that deploys LockBit Windows and VMware ESXi encryptors in its attacks.
Experts believe that the attackers probably targeted SharePoint servers at Colt, which have proven attractive targets for hackers in recent times. Some of these servers were taken offline afterwards, most likely because they were infected with a web shell, and Colt seems to have added firewalls to these servers after the attack.
Via BleepingComputer