Telco giant Colt suffers attack, takes systems offline – Source: go.theregister.com

Updated Multinational telco Colt Technology Services says a “cyber incident” is to blame for its customer portal and other services being down for a number of days.

It told The Register that the attack targeted one of its internal systems, which is separate from those that support customers, and said there is “no evidence that customer or employee data has been improperly accessed.”

“We took immediate protective measures to ensure the security of our customers, colleagues, and business, and we proactively notified the relevant authorities,” Colt said in a statement.

“One of our protective measures involved us proactively taking some systems offline, which has led to the disruption of some of the support services we provide to our customers. Our technical team is focused on restoring the affected systems and is working closely with third-party cyber experts.

“We apologise for the inconvenience this matter may cause and we appreciate our customers’ patience as we work towards a resolution.”

Per its status page, the issues began on August 12 when a reported incident led to disrupted services for some customers.

The London-headquartered company’s customer portal, Colt Online, was the most notable service the attack rendered unavailable, and it remains down as of Friday.

Customers are being advised to email or call its support teams in lieu of online help.

On August 13, Colt confirmed that its Voice API platform, which allows customers to automate and manage their voice services through Colt, was also part of the systems that were brought offline. 

The latest update to its status page this morning states:

“We continue to work around the clock to restore impacted internal systems following a cyber incident earlier this week. We appreciate it’s frustrating not being able to use some systems currently, including Colt Online and our Voice API platform.”

• Rackspace internal monitoring web servers hit by zero-day
• Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
• Colt Technology UK nixes winding-up order threat from Italian VoIP reseller over £3.8m disputed debt
• FCC to telcos: By law you must secure your networks from foreign spies. Get on it

The cause of the attack is unknown, but infsoec watcher Kevin Beaumont claimed that Shodan scans indicated IP addresses associated with cybercriminals had been reaching out to Colt’s SharePoint servers.

Those servers were later pulled offline and appeared to have webshells implanted on them, he said. Browsing public records of the telco’s servers indicated that Colt added firewall protections for its EU infrastructure on the day it first announced the technical issues, he claimed.

Colt went private in 2015 after being acquired by Fidelity Investments. As of the early 2000s it had more than 15,000 customers, though has subsequently completed acquisitions to scale operations across Europe and beyond, including the $1.8 billion purchase of Lumen EMEA in 2023.

Founded in 1992 as City of London Telecommunications (COLT), it later rebranded and now has a presence in 40 countries and 230 cities, supplying services to 32,000 buildings across EMEA, Asia, and North America. ®

Updated at 15.29 UTC on August 15, 2025, to add:

Since Colt confirmed its disruption was due to a “cyber incident,” the WarLock ransomware group has claimed responsibility for the attack and is now claiming to be flogging the company’s data.

An account posting to the Ramp cybercrime forum claimed it represented WarLock and that it was selling 1 million company documents for the price of $200,000.

Among the allegedly stolen documents are employees’ salary details and personal information, which if true would contradict Colt’s claim that no staff data was compromised.

This claim from the criminals is unconfirmed. We have contacted Colt for comment.