London-based Colt Technology Services has spent nearly a week recovering from a cyberattack that the emerging WarLock ransomware gang claims to have orchestrated. The intrusion, detected on 12 August, forced the telecom operator to take parts of its IT infrastructure—including hosting, number-porting systems, the Colt Online customer portal and its Voice API platform—offline, causing service disruptions for enterprise clients across Europe, Asia and North America. On a dark-web site the attackers have advertised what they say are one million internal Colt documents for sale at US$200,000, including financial, employee and customer records. Independent security researchers believe WarLock gained initial access through a recently disclosed Microsoft SharePoint vulnerability (CVE-2025-53770) before deploying its ransomware payload. Colt said the assault did not affect its core network and that customer infrastructure is hosted on separate systems. The company has notified regulators and law-enforcement agencies while continuing restoration work; some online services were back up as of 18 August, although Colt has not provided a full recovery timeline. The WarLock gang, which surfaced earlier this year, has separately claimed breaches at other firms, underscoring the rising risk to telecommunications and critical-infrastructure providers from opportunistic ransomware operators.