U.S. telecommunications giant Ribbon has confirmed that government-backed hackers had access to its network for almost a year before getting caught, according to a public filing.
The telco giant said in a 10-Q disclosure last week with the U.S. Securities and Exchange Commission that a suspected “nation-state actor had gained access to the company’s IT network” as early as December 2024. Ribbon said it notified law enforcement and that it believes the hackers are no longer in its network.
The Texas-headquartered Ribbon provides phone, networking, and internet services for companies, enterprises, and critical infrastructure organizations, such as energy and transportation systems. The company counts hundreds of companies as customers, including Fortune 500 firms and government agencies, such as the Department of Defense.
Reuters, which first reported news of the breach, said three of Ribbon’s customers are known to be affected, but the companies were not named.
It’s not clear if the hackers exfiltrated personally identifiable information belonging to any individuals or other sensitive data from its corporate customers in the breach, but the company noted in the filing that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor.” Ribbon said it notified the affected customers.
Ribbon is the latest in a series of telecommunication providers to have been hacked over the past two years, though the company did not immediately say which government it believes is behind the intrusions.
Catherine Berthier, a spokesperson for Ribbon, did not return TechCrunch’s request for comment.
Chinese-backed hackers have previously targeted and compromised at least 200 U.S.-based companies, including phone and internet providers, in an effort to steal phone records and calling data about senior U.S. government officials. Several telcos, including AT&T, Verizon, and Lumen, were confirmed hacked as part of the campaign, along with cloud giants and datacenter providers.
Some of the companies were located outside of the United States, including Canada.
The hackers, known as Salt Typhoon, are one of several China-backed hacking groups said to be targeting the U.S. and its allies as part of a multi-year effort to prepare for a future anticipated Chinese invasion of Taiwan, according to U.S. government officials.
Original Source: https://techcrunch.com/2025/10/31/government-hackers-breached-telecom-giant-ribbon-for-months-before-getting-caught/
Disclaimer: This article is a reblogged/syndicated piece from a third-party news source. Content is provided for informational purposes only. For the most up-to-date and complete information, please visit the original source. Digital Ground Media does not claim ownership of third-party content and is not responsible for its accuracy or completeness.
