- Colt Technology Services takes services offline, confirms that this was due to a cyber attack
- A ransomware group called Warlock claimed responsibility
- Independent researchers think that the attackers hit the company’s SharePoint servers
Colt Technology Services suffered a cyber attack, believed to be a ransomware attack, which forced it to take parts of its computer network offline for several days.
The company has not discussed the incident itself – the identity of the attackers, their motivations or what they did.
However, The Register found that a ransomware operator called Warlock claimed responsibility for the attack: on a dark web forum, a member of the group offered a million corporate documents for $200,000. Neither the claims nor the authenticity of the files have been confirmed so far.
Back online
Several of the company’s services, including the Colt Online customer portal, were not available. Shortly after, Colt updated its status page to inform its customers of the incident:
“Thank you for your patience and understanding while some of your support services, including Colt Online and our API Voice platform, remain unavailable. We can confirm that this is linked to our response to a recent cyber-incident at Colt Technology Services,” the notification said.
“We have detected a cyber-incident on an internal system. This system is distinct from the infrastructure of our customers. We have taken immediate protective measures to ensure the security of our customers, colleagues and businesses, and we have proactively informed the competent authorities.”
At press time, the Colt Online customer portal appears to be back online, but the status page does not yet reflect this change.
Experts believe that the attackers probably targeted Colt’s SharePoint servers. Some of these servers were taken offline afterwards, most likely infected with an online component. Colt seems to have added firewalls to these servers after the attack.
Warlock is an emerging threat in the ransomware space, attracting attention earlier in 2025 when it was involved in an attack targeting a remote code execution bug in Microsoft SharePoint.
Via The Register