Colt Technology Services, which has a UK headquarters in London, has confirmed that customer documentation was stolen following a ransomware attack on 12 August. The British network services provider’s admission came after the Warlock ransomware group began auctioning what it claims are one million documents on the Ramp cybercrime forum for £149,000. The stolen documents reportedly contain financial information, network architecture data, and customer details. The attack caused disruption: the Colt Online customer portal, voice API platforms, and several automated processes were taken offline as a protective measure.
The Warlock Group, also known as Storm-2603, is thought to have gained initial access by exploiting a remote code execution vulnerability in Microsoft SharePoint. Microsoft had previously reported the group’s exploitation of this vulnerability to breach corporate networks. According to RansomLook.io, Warlock has claimed 22 victims since 16 August.
The telecommunications sector is increasingly targeted by cybercriminals, as evidenced by simultaneous attacks on Orange. The French telecom company’s Belgian subsidiary disclosed that data for 850,000 customers was compromised in July. The compromised data included names, phone numbers, and PUK codes, which can be used to access SIM cards, although financial details were not taken. Orange’s French operations also experienced a security incident in the same month, which led to operational disruptions.
While the impacted systems at Colt were support services and not the core customer network infrastructure, the incident highlights the need for telecom providers to strengthen cybersecurity defences. The event suggests that even companies with sophisticated security practices, such as Orange, can be vulnerable. It is not clear if Orange was affected by the same vulnerability in SharePoint or was slow to implement Microsoft’s security fix.