UK telecom company experiences network shutdown following cyber assault
UK Telecom Firm Colt Technology Services Hit by Warlock Ransomware Attack
The UK telecoms firm Colt Technology Services has fallen victim to a cyber attack claimed by the Warlock ransomware group. The attack, which occurred on Tuesday, 12th August, is part of a series of attacks on telecoms companies in Europe.
According to reports, the entry point for the attack was sharehelp.colt.net, via the SharePoint vulnerability CVE-2025-53770. As a result, some systems were taken offline, disrupting support services including the Colt Online customer portal and the company's Voice API platform.
The Warlock ransomware group is offering the stolen data for sale on a Russian Tor forum, with the group claiming to have stolen 'a few hundred gig' of customer data and documentation. The French cybersecurity agency ANSSI has issued a warning about state-sponsored threats targeting the country's telecommunications sector, and French providers Orange and Bouygues Telecom have also been targeted in the last month.
Similar attacks on US phone providers have been linked to the China-linked Salt Typhoon hacking group, and the FCC has ordered telcos to improve security after Salt Typhoon chaos.
Gabrielle Hempel, security operations strategist at Exabeam, commented on the Warlock attack, stating that it highlights recurring issues in the telecom industry. Hempel pointed out the operational ripple effect when support services go down, even if the core network infrastructure remains intact.
In high-value and high-availability industries like telecom, security Service Level Agreements (SLAs) should be as strict, if not stricter, than availability SLAs, Hempel stated. Hempel also emphasized that for critical infrastructure providers, RCE patch pipelines should be prioritized and automated wherever possible for internet-facing services.
The company took immediate protective measures and proactively notified the relevant authorities. Hempel suggested that patch timelines need to improve, with SharePoint RCE or similar severe vulnerabilities for externally accessible systems being addressed within hours, not weeks.
The Great British landline switch-off, the Workday data breach, and the FCC ordering telcos to improve security after Salt Typhoon chaos are other news items mentioned in the article, but these are not directly related to the Colt Technology Services cyber attack.
