Colt Technology Services has been dealing with a cyberattack that has disrupted parts of its business for more than a week. The UK-based telecommunications firm, which operates in 30 countries and runs nearly 50,000 miles of fiber connecting 900 data centers, confirmed that several internal support systems remain offline.
The incident began on 12 August, when Colt detected unusual activity and took systems down as a protective measure. The move cut access to Colt Online, its Voice API platform, and hosting and porting services.
Customers who normally use web portals have been told to rely on phone or email instead, and warned of slower-than-usual response times.
Colt has been issuing regular status updates. On 17 August, the company wrote:
“We detected the cyber incident on an internal system. This system is separate from our customers’ infrastructure. We took immediate protective measures to ensure the security of our customers, colleagues, and business, and we proactively notified the relevant authorities.”
Since then, the message has remained consistent: services are still down, teams are working “around the clock,” and customers are urged to be patient.
On 19 August, Colt reiterated: “Our teams continue to work 24/7 to restore the internal systems affected by the recent cyber incident. We understand how frustrating it is not to have access to some of our support services such as Colt Online and our Voice API platform, and we’re very sorry for this.”
The company has emphasized that the disruption affects support systems rather than its core network infrastructure. Customers’ networks remain operational.
Behind the outage, however, the situation appears more serious. A threat actor has claimed responsibility, offering what they describe as a cache of one million documents for $200,000. The data allegedly includes financial records, internal emails, proprietary code, and information on both employees and customers. Colt has not confirmed these claims.
Independent researchers have pointed to a likely cause. Security specialist Kevin Beaumont believes the attackers may have exploited a critical Microsoft SharePoint flaw. The remote code execution vulnerability has been under active attack as a zero-day since mid-July. Colt has not commented on that theory.
Evan Dornbush, CEO of cybersecurity firm Desired Effect and a former NSA expert, sees the incident as part of a wider problem.
“This latest breach is another painful reminder that attackers are winning the vulnerability game,” Dornbush said. “The current grey market provides a profitable path for criminals to acquire zero day exploits, while ethical researchers are left with limited alternative options. Without a pathway to an ethical marketplace that fairly compensates researchers for their vital work, defenders will always be playing catch-up.”
For Colt, the task is immediate: restore services, reassure customers, and contain the breach. For the industry, the question runs deeper: how to close the widening gap between attackers who can weaponize zero-days at speed and defenders who discover them too late.
The company has promised further updates. For now, customers wait.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


