Episode Summary

COLT Technology Services, a major UK telecommunications provider, suffers from ongoing ransomware attacks, causing week-long outages affecting thousands of businesses. Host Lucy Harper breaks down the SharePoint vulnerability exploitation and provides emergency supplier risk protection strategies for UK SMEs.

What You'll Learn

• How WarLock ransomware compromised COLT using Microsoft SharePoint zero-day CVE-2025-53770
• Why the 'ToolShell' exploit chain bypasses all authentication and enables remote code execution
• Real business impact: multi-day connectivity outages affecting customer portals, voice systems, and network management
• Emergency supplier risk assessment and redundant connectivity implementation strategies
• Chinese threat group coordination targeting telecommunications infrastructure across multiple countries

Critical Statistics Mentioned

• 1 million documents allegedly stolen from COLT, offered for £147,500 ransom
• 30 countries where COLT operates critical telecommunications infrastructure
• 900 data centres connected by COLT's 75,000km fibre network
• 8+ days of ongoing service disruptions affecting UK business operations
• 424 vulnerable SharePoint servers still exposed globally according to Shadowserver Foundation
• 9,665 SharePoint devices exposed to internet as of August 2025
• CVSS 9.8 critical severity rating for CVE-2025-53770 SharePoint vulnerability
• 3 Chinese APT groups confirmed exploiting same SharePoint vulnerabilities for ransomware and espionage

Key Sources & References

• BleepingComputer: COLT WarLock ransomware attack confirmation and data theft claims
• The Register: Technical timeline and service disruption details
• Microsoft Security Blog: CVE-2025-53770 vulnerability analysis and threat actor attribution
• CISA Alert: Government response and mitigation guidance for SharePoint vulnerabilities
• Computer Weekly: UK business impact analysis and expert commentary
• Palo Alto Unit 42: ToolShell exploit chain technical analysis
• Check Point Research: Exploitation campaign timeline and affected sectors
• SOCRadar: Global threat intelligence and vulnerable server identification

Episode Sponsor

Equate Group - Comprehensive cybersecurity and IT services specialising in network resilience planning, business continuity management, and supplier risk assessment.

Visit www.equategroup.com

Your Next Steps

URGENT ACTION REQUIRED:

• Audit all critical IT suppliers immediately to identify single points of failure.
• Implement redundant connectivity and verify SharePoint patch status if using on-premises systems.
• Seek professional help for comprehensive supplier risk assessment and business continuity planning.

Source Verification Standards

All sources cited in this episode have been fact-checked and verified through multiple authoritative channels.

Microsoft Security Blog serves as the primary source for technical details on vulnerabilities.

Financial figures are cross-referenced through cybersecurity threat intelligence platforms. UK-specific impact data prioritises telecommunications industry publications and government cybersecurity guidance.

Disclaimer

This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.

🎧 Subscribe for daily cybersecurity updates

👍 Like this episode if it helped you prepare

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

All rights reserved