Colt Technology Services, the London-based network and communications provider, is working to restore internal systems following a cyber attack claimed by the Warlock ransomware group.
The incident, which reportedly started on August 12, disrupted support platforms including Colt Online, the company’s customer portal, as well as its Voice API and hosting services.
Initially described as a technical fault, Colt later acknowledged the disruption was the result of a cybersecurity incident. While no core network services were taken offline, customers have reported degraded support capabilities and service delays. In its latest status update, Colt acknowledged that some of its online services and Voice API services are still down.
“We took immediate protective measures to ensure the security of our customers, colleagues, and business,” the company said in a statement.
“One of our protective measures involved us proactively taking some systems offline, which has led to the disruption of some of the support services we provide to our customers.”
Colt, which operates one of the largest independent fibre networks in Europe and Asia, stressed that core services remain operational and that customer traffic is being monitored.
“We have the capability of monitoring our customers’ networks, and we continue to manage network incidents efficiently,” Colt said, adding: “We’re working in a more manual way than normal. We’re working hard to get our automated monitoring capability fully restored.”
Warlock, a relatively low-profile ransomware group, has claimed responsibility for the intrusion and is offering over one million allegedly stolen documents for sale at a price of $200,000. The files are said to include employee records, customer data, internal emails, financial documents and proprietary source code.
Security researcher Kevin Beaumont told cyber news hub Bleeping Computer that the attackers may have gained access by exploiting a known Microsoft SharePoint vulnerability (CVE‑2025‑53770), although this has not been confirmed by Colt.
The company said it is working with third-party cybersecurity experts and has notified the relevant authorities. It has not commented on the ransom demand or confirmed the authenticity of the leaked data.
The incident highlights the increasing threat to telecommunications infrastructure from ransomware operators, and the operational fragility exposed when internal support environments are taken offline, even temporarily.
