• Colt confirms customer data stolen as Warlock ransomware crew auc

    From TechnologyDaily@1337:1/100 to All on Friday, August 22, 2025 10:30:10
    Colt confirms customer data stolen as Warlock ransomware crew auctions off details

    Date:
    Fri, 22 Aug 2025 09:22:02 +0000

    Description:
    While Colt investigates the nature of the stolen files, Warlock is selling "financial information, network architecture data, and customer information".

    FULL STORY ======================================================================
    Colt has updated its status page to confirm data exfiltration. It is currently looking into the type of information stolen. Warlock is selling the archives for $200,000.

    Colt Technology Services has confirmed sensitive customer data was stolen in a recent cyberattack, and is now being sold online.

    Customers of the UK telco firm recently complained after not being able to access some of its services, and soon after, the company said it was being forced to shut down parts of its infrastructure due to an ongoing attack.

    At the time, the company did not discuss the identity of the attackers, or if they stole any files, but now a ransomware group known as Warlock has claimed to be behind the attack, and has already started selling a database with a million files on the dark web, for $200,000.

    Attacking SharePoint servers

    Now, Colt seems to have confirmed these reports, at least in part.

    "Through our extensive investigation, we have determined that some data has been taken," an updated announcement says. "Our priority is to determine at pace the precise nature of the data that is impacted and notify any affected parties."

    Warlock claims the archives contain financial information, network architecture data, and customer information. If these claims turn out to be true, the archive is a true treasure trove for criminals who can use it for phishing, identity theft, and even wire fraud.

    Colt's customers are reportedly able to request a list of filenames posted on the dark web from the dedicated call center.

    Warlock is a Chinese group deploying LockBit's Windows and Babuk's VMware ESXi encryptors in its attacks.

    Experts believe the attackers most likely went for Colt's SharePoint servers, which have proved attractive targets for hackers in recent times. Some of these servers were pulled offline after, most likely, being infected with a webshell - and Colt seems to have added firewalls to those servers, following the attack.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/colt-confirms-customer-data-stolen-as-warlock-ransomware-crew-auctions-off-details


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)