Kevin BeaumontPour one out for Colt.
Colt disappeared yesterday, their status page says "technical issue"
Their customer portal is also MIA: https://online.colt.net
Colt are dealing with what appears to be an undisclosed cyber incident. They firewalled their inbound EU infrastructure on the 12th - org:”COLT EU INFRASTRUCTURE” on Shodan.
Colt had ecrime IP addresses talking to a bunch of their Microsoft SharePoint servers (now offline), which also appeared to have webshells on them.
Colt's also started isolating some systems on COLT Technology Services Group Limited ASN (or they've otherwise lost 'em).
Colt have finally confirmed an ongoing cyber incident, after several days of pretending it was a technical issue to customers.
Btw although everything is written in the past tense, the customer facing systems (which include data on customers - eg Colt Online) are still offline now and the incident is very definitely still ongoing.
Colt are being extorted by Warlock ransomware group, they have been for over a week, Colt are trying to cover it up.
Entry likely via sharehelp.colt.net via CVE-2025-53770 as they were interacting with it.
They've stolen a few hundred gig of customer data and documentation and posted a file list on a forum.
Brian Clark@GossiTheDog this is useful. Thanks for sharing.