A major UK telecommunications firm has taken several of its internal systems offline following a significant cyberattack, with a new ransomware group claiming responsibility for the breach. Colt Technology Services, a London-based network and communications provider, began experiencing what it initially described as a “technical issue” on August 12, but later confirmed it was a “cyber incident on an internal system.”
The attack has impacted key customer support platforms, including the “Colt Online” customer portal and its Voice API platform. In a statement, the company confirmed that it “proactively” took these systems offline to “ensure the security of our customers, colleagues, and business.” While Colt has stressed that its core customer network infrastructure remains operational, the disruption has forced the company to work in a more “manual way,” leading to slower response times for customer inquiries via phone and email.
The incident has been claimed by the Warlock ransomware group, which has reportedly emerged in recent months. The group has offered to sell over a million documents allegedly stolen from Colt for a price of $200,000. According to the claims made on a dark web forum, the stolen data includes a wide range of sensitive information, such as financial, employee, and customer data, as well as internal emails and details on the company’s network architecture.
Although the company has not confirmed the authenticity of the claims or the nature of the breach, cybersecurity researchers speculate that the attackers may have gained access by exploiting a recently patched vulnerability in Microsoft SharePoint. This vulnerability, known as CVE-2025-53770, allows attackers to steal cryptographic keys from unpatched servers.
The attack on Colt is the latest in a series of similar incidents targeting the telecommunications sector in Europe and highlights the growing threat from ransomware gangs. Experts say that service providers like Colt are particularly attractive targets for cybercriminals due to the critical infrastructure they control and the high-value data they possess.
Colt has stated that it is working “around the clock” to restore the affected systems and is collaborating with third-party cybersecurity experts and relevant authorities to investigate the breach and ensure a secure resolution.
