Colt Confirms Possible Customer Data Breach After Cyber Attack

Colt Technology Services has acknowledged that sensitive customer data may have been accessed and is at risk of being leaked following a recent cyber attack. This admission marks a shift from its initial statement, in which the company said the incident only impacted an internal system separate from customer infrastructure.

Initial Response and Service Disruption

On August 14, the UK-based telecommunications provider reported that it had taken certain systems offline to contain a “cyber incident” targeting an internal, non-customer-facing environment. Despite these precautions, the shutdown has affected several services, including hosting, porting, Colt Online, and Voice API platforms.

Stolen Files Found on the Dark Web

In an update issued on August 21, Colt revealed that attackers had accessed files potentially containing customer-related information. The threat actors have already published some document titles on the dark web, raising concerns about data exposure.

“Our immediate focus is identifying exactly what information these files contain,” Colt stated. The company has taken the unusual step of allowing customers to call a dedicated support line to request a list of filenames that were posted online.

As of August 21, the disrupted services remained offline. Colt noted that it is still too early to provide a timeline for restoration but promised ongoing updates.

Cybercriminal Group “Warlock” Behind the Attack

The group claiming responsibility, known as Warlock, has opted for a different tactic from that of typical ransomware gangs. Instead of leaking data samples as part of a “double extortion” scheme, Warlock plans to auction the stolen information privately, with bidding set to close on August 27.

Warlock has also recently taken credit for another attack targeting Orange Belgium. Cybersecurity researchers, including Kevin Beaumont and experts at Trend Micro, report that the group has been exploiting vulnerabilities in Microsoft SharePoint through the ToolShell exploit chain, enabling them to compromise organizations worldwide.

Key Takeaway

This incident highlights the evolving strategies of cybercriminal groups and underscores the importance of proactive cybersecurity measures, particularly around commonly targeted software vulnerabilities.

Source: https://www.infosecurity-magazine.com/news/colt-customer-data-likely-stolen