Particle.news


Colt Confirms Data Theft as Warlock Ransomware Auctions Stolen Files

Investigators tie the breach to recent SharePoint ToolShell exploits that have powered Warlock’s rapid rise.


Overview

  • Colt said attackers accessed files that may include customer-related information and is offering customers a way to request the list of filenames posted on the dark web.
  • Key support portals, including Colt Online and the Voice API, remain offline, with restoration work ongoing and no timeline provided.
  • Warlock claims to be auctioning roughly one million Colt documents for $200,000 on the RAMP forum, has not released samples, and set an August 27 auction end date.
  • Microsoft previously reported a threat actor it tracks as Storm-2603 distributing Warlock ransomware via the SharePoint ToolShell exploit, while Trend Micro detailed post-exploitation tactics including GPO abuse, RClone exfiltration, and a LockBit-derived locker that appends .x2anylock.
  • Warlock has listed other victims such as Orange Belgium, and UK FOIA data shows the ICO was aware of ToolShell-related personal data breaches by late July.