- Colt Technology Services disconnect off -line services, confirms that this was due to a cyber attack
- A ransomware group called Warlock claimed responsibility
- Independent researchers believe that the attackers reached the company’s SharePoint servers
Colt Technology Services has suffered a cyber attack that forced him to extract parts of his out -of -line network for several days, which is believed to be a ransomware attack.
The company did not discuss the incident itself: the identity of the attackers, their motives or what they did.
However, The registration He found that a ransomware operator called Warlock attributed the responsibility of the attack, as in a dark web forum, a group member offered a million documents of the company, for $ 200,000. At this time, the claims, or the authenticity of the files have not been confirmed.
Return online
Several of the company’s services, including the Colt online customer portal, were not available. Shortly after, Colt updated his state page to notify his clients about the incident:
“Thank you for your patience and understanding, while some of your support services, including Colt Online and our Voice API platform, are still not available. We can confirm that this is related to our response to a recent cyber incident in Colt’s technology services,” reads the notification.
“We detect the cyber incident in an internal system. This system is separated from the infrastructure of our clients. We take immediate protection measures to guarantee the safety of our clients, colleagues and businesses, and proactively notify the relevant authorities.”
At the time of publication, Colt’s online client portal seems to be online again, but the state page has not yet reflected this change.
Experts believe that the attackers were probably for Colt SharePoint servers. Some of these servers were disconnected after, most likely, they were infected with a web network. Colt seems to have added Firewalls to those servers, after the attack.
Warlock is an emerging threat in the ransomware space, gaining attention at the beginning of 2025 when included in an attack aimed at a remote code error in Microsoft Sharepoint.
Through The registration
