Particle.news

Colt Confirms Customer Data Theft as Warlock Ransomware Auctions Files

Researchers link the breach to rapid exploitation of SharePoint ToolShell vulnerabilities used in global attacks.

Overview

  • Colt said certain files containing customer-related information were accessed and is offering customers a list of the posted filenames via a dedicated call center.
  • Warlock is conducting a private auction for the stolen Colt data that closes on August 27, claiming 1 million documents for $200,000 with no sample leaked so far.
  • Customer-facing systems including Colt Online, Voice API, number-hosting APIs, and the On Demand portal remain unavailable as investigations continue with law enforcement.
  • Microsoft reported the Storm-2603 actor distributing Warlock on exploited SharePoint on‑prem servers, while Trend Micro detailed GPO abuse, guest-account elevation, SMB/RDP lateral movement, RClone exfiltration, and a LockBit-derived locker.
  • Open-source tracking shows Warlock rapidly adding victims, and Orange Belgium confirmed criminal access to data on 850,000 customers with notifications to authorities.