Colt, a London-based telecoms and network services company, is currently working to restore various customer-facing services after being targeted in a cyber attack by the Warlock ransomware gang.
Initially believed to be a technical issue, the incident began on Tuesday, August 12th, when customers reported disruptions to their services. By Thursday, August 14th, Colt confirmed that they were dealing with a cyber incident affecting their Colt Online support services and Voice API platforms.
A Colt spokesperson stated that the cyber incident was detected on an internal system separate from customer infrastructure. As a precautionary measure, certain systems were taken offline, causing disruptions to support services. The company is actively working to restore access to the affected systems.
The Warlock ransomware group claimed responsibility for the attack and has posted details of the intrusion on their dark web leak site. They are allegedly selling stolen data, including customer and financial information, for $200,000.
Security researcher Kevin Beaumont suggested that Colt may have been breached through a security flaw in Microsoft SharePoint Server. The vulnerability, CVE-2025-53770, allows attackers to steal cryptographic keys and execute malicious requests.
Colt is investigating the claims made by the ransomware group and is working with third-party experts to restore their internal systems. The gang, known for its affiliate-style business model, has carried out multiple cyber attacks across various sectors.
This article was last updated on August 15, 2025, to include a response from Colt regarding the cyber incident.
