- Colt Technology Services draws services offline confirms that this was due to a cyberattack
- A Ransomware -Group called Warlock assumed responsibility
- Independent researchers believe that attackers hit the company’s SharePoint servers
Colt Technology Services has suffered a cyberattack that forced it to pull parts of its IT network offline for several days, is believed to be a ransomware attack.
The company did not discuss the incident itself – the identity of the attackers, their motives or whatever they did.
However, Registered Found a ransomware operator called Warlock assumed responsibility for the attack, which at a dark web forum offered a member of the group a million business documents for $ 200,000. At this point, the allegations or authenticity of the files have not been confirmed.
Back online
Several of the company’s services, including Colt Online customer portal, were not available. Shortly after, Colt updated his status page to notify his customers of the incident:
“Thank you for your patience and understanding, while some of your support services including Colt Online and our Voice API platform remain unavailable. We can confirm that this is related to our response to a recent cyber event at Colt Technology Services,” the message reads.
“We discovered the cyber event on an internal system. This system is separate from our customers’ infrastructure. We took immediate protection measures to secure our customers, colleagues and business security, and we proactively informed the relevant authorities.”
At the time of the press, Colt Online customer portal seems to be back online, but the status page should not yet reflect this change.
Experts believe that attackers probably went for Colts SharePoint servers. Some of these servers were drawn offline after, probably infected with a webshell. Colt seems to have added firewalls to these servers after the attack.
Warlock is a growing threat in the Ransomware space that will receive attention earlier in 2025 when it was included in an attack targeted against a remote code error in Microsoft SharePoint.
Via Registered
