[German]I have no idea whether and how many blog readers use the SIP trunk services of the provider Colt (colt.net) for telephony. The provider has suffered a cyber incident (possibly since last Thursday). This also affects the SIP trunk solutions of customers (like German Starface Connect).
Brief background information on SIP trunking / Starface
SIP trunking is a Voice over Internet Protocol (VoIP) technology and a streaming media service based on the Session Initiation Protocol (SIP). SIP phones enable Voice over IP connections via the Session Initiation Protocol (SIP). The call is transmitted in individual data packets over the Internet. SIP phones can be implemented as a single device (hardphone), a telephone adapter plus a classic telephone, or as a software solution (softphone) on a PC or smartphone. There are both wired (usually Ethernet) and wireless (usually WLAN or DECT) variants.
Many providers of cloud-based telephone systems rely on this technology. German Starface GmbH uses a SIP trunk for its Starface Connect solution, whereby the SIP trunk is provided by colt.net, to my knowledge.
Cyber incident at Colt
Blog reader Maximilian E. sent me a private message on Facebook on Monday informing me that the SIP trunk provider Colt had been hacked and that Starface Connect was affected.
The provider has announced on its website that a cyber incident has affected its business systems and that its customers' infrastructure has been disconnected. As a result, the customers' systems are no longer functioning.
A cyber incident was recently detected in a business support system that is separate from the customer infrastructure. When the incident was discovered, immediate action was taken to contain and investigate the problem. To ensure the safety of customers, colleagues, and our company, Colt proactively disconnected the connections to the infrastructure and informed the relevant authorities.
After a thorough investigation, it was determined that some data had been stolen. The priority is to determine the exact nature of the affected data as quickly as possible and to notify all affected parties. A special incident response team, which includes external investigators and forensic experts, is working on this.
Starface informs customers
Starface GmbH has a forum thread that started last Thursday (August 14, 2025) informing customers that Cold had suffered a cyber incident. Colt confirmed to Starface that the attack did not allow access to customer data. The attack only affected Colt, and services were shut down as a precautionary measure. The Starface GmbH thread provided information about possible restrictions.
