“Colt are being extorted by Warlock ransomware group, they have been for over a week, Colt are trying to cover it up,” Beaumont wrote on Mastodon on Friday, Aug 15. “Entry likely via sharehelp.colt.net via CVE-2025-53770 as they were interacting with it.” Beaumont added that the group has stolen a few hundred gigabytes of customer data and documentation, posting a list of files with samples on a Russian Tor site.
“We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see,” said Gabrielle Hempel, Security Operations Strategist at Exabeam. “There’s this operational ripple effect when you’re a service provider and support-layer services go down. Even though Colt claims its ‘core network infrastructure’ is still intact, the outage of hosting, porting, and API services still disrupts customer trust and downstream operations.”
Data allegedly put up for sale
The WarLock group has reportedly put the allegedly stolen documents up for sale on the forum. Along with the ransom demand of $200,000, the group has provided sample documents as proof, raising alarm over what might be exposed if Colt doesn’t pay up.
The trove reportedly includes financial records, salary data, customer contact details, internal communications, and software development blueprints.