Executive Summary
UK-based telecom provider Colt Technology Services has been battling a cyberattack since August 12, 2025, which disrupted several of its support and online platforms for days. Initially described as a “technical issue,” the company later confirmed it was a cyber incident and that customer data was stolen. The WarLock ransomware group has claimed responsibility, asserting they are selling one million documents containing sensitive financial, employee, and customer information for $200,000. Cybersecurity experts suggest the attack may have exploited a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This vulnerability was previously reported by the RH-ISAC Intelligence Team in a separate intelligence post.
Analysis
The cyberattack on Colt Technology Services appears to be a sophisticated intrusion with a significant impact, despite Colt’s initial claims that only support systems were affected and its core network remained intact. The alleged attacker, ‘cnkjasdfgd’ of the WarLock ransomware group, is offering to sell a massive cache of stolen data, which reportedly includes sensitive employee salary data, customer contracts, and critical network architecture designs.

This level of data exfiltration suggests a deep compromise of internal systems. Security expert Kevin Beaumont has pointed to the recently exploited Microsoft SharePoint RCE vulnerability, CVE-2025-53770, as a likely entry point. This zero-day flaw, which was actively exploited in the wild before a patch was released, could have provided unauthenticated access to Colt’s internal SharePoint servers.