In a significant blow to its digital infrastructure, multinational telecommunications company Colt Technology Services has been grappling with a “cyber incident” that has caused widespread disruption to its customer services. The company’s customer portal, Colt Online, along with its Voice API platform, has been offline for several days. Colt has clarified that the attack targeted an internal system separate from its customer-facing network. This has prompted the company to take some systems offline proactively as a protective measure, leading to the current disruption. While the outage is frustrating for customers, Colt’s primary concern has been to secure its network and safeguard sensitive information.
The telecommunications giant has publicly stated that it has found no evidence of improper access to customer or employee data. This assurance, however, has been challenged by an emerging claim from the WarLock ransomware group. An account on the Ramp cybercrime forum, allegedly representing the group, has taken credit for the attack. This account is now attempting to sell what it claims are a million company documents for $200,000. The alleged stolen data includes sensitive information like employee salaries and personal details, directly contradicting Colt’s initial public statement. While the claims of the ransomware group remain unconfirmed, they add a layer of complexity and concern to the ongoing incident.
The full extent and origin of the attack are still under investigation, but initial observations from infosec watchers offer some clues. Kevin Beaumont, a notable security expert, observed Shodan scans that showed IP addresses linked to cybercriminals connecting with Colt’s SharePoint servers. According to Beaumont, these servers were subsequently taken offline and appeared to have webshells implanted on them—malicious scripts that provide remote access to a server. These technical details suggest a sophisticated and targeted attack. Public records also indicate that on the day the disruption was announced, Colt added new firewall protections to its EU infrastructure, a move that aligns with efforts to contain an active threat.
As the company works around the clock to restore its systems, customers are being redirected to alternative support channels.
With its online portal and voice platform unavailable, Colt has advised customers to contact its support teams directly via email or phone. This shift highlights the immediate impact of the cyber incident on daily operations and customer support. The company has expressed regret for the inconvenience caused and has asked for patience from its customers as it collaborates with third-party cyber experts to resolve the issue.
The incident underscores the persistent and evolving threat of cyberattacks faced by large corporations today. Founded in 1992, Colt has grown into a major international player with a presence in 40 countries and 230 cities, providing services to a vast network of clients. The company’s size and critical role in the global telecommunications infrastructure make it an attractive target for cybercriminals. The unconfirmed claims of data theft by the WarLock group serve as a reminder of the dual threat posed by these attacks: both the operational disruption and the potential for a catastrophic data breach. Colt’s response and ultimate resolution will be closely watched by the industry as a case study in managing a major cyber crisis.