U.S. telecommunications giant Ribbon Communications has confirmed that state-backed hackers infiltrated its internal network and remained undetected for almost a year, marking one of the most prolonged breaches in the telecom sector this year.
In a 10-Q filing with the U.S. Securities and Exchange Commission, Ribbon revealed that a “nation-state actor gained access” to its IT systems as early as December 2024. The company said the intrusion was discovered recently, prompting immediate notification of law enforcement authorities. Ribbon believes the attackers have now been removed from its systems.
Based in Texas, Ribbon provides phone, networking, and internet infrastructure for hundreds of enterprise and government clients, including critical sectors such as energy, transportation, and defense. Its customer roster includes Fortune 500 firms and U.S. government agencies like the Department of Defense, making the breach particularly alarming from a national security perspective.
Company spokesperson Catherine Berthier confirmed that three customers were directly affected, but declined to name them due to confidentiality agreements. Ribbon’s filing also disclosed that some customer files stored outside the main corporate network—specifically on two laptops—were accessed by the intruders. The affected clients have been notified.
While it remains unclear whether personally identifiable information (PII) or sensitive customer data was stolen, the company said it is cooperating with authorities and conducting a thorough investigation.
This incident adds Ribbon to a growing list of telecommunications companies targeted by government-backed cyber operations over the past two years. The attack’s origin has not been officially confirmed, but cybersecurity experts point to a pattern consistent with Chinese-linked espionage campaigns.
Previous investigations have tied China-backed hacking groups, including the one known as Salt Typhoon, to attacks on at least 200 U.S. companies, among them AT&T, Verizon, and Lumen. These operations reportedly sought to steal phone metadata and communication logs involving senior U.S. officials. Similar breaches have been detected in Canada and other allied nations, suggesting a coordinated, multi-year effort to infiltrate Western telecommunications networks.
U.S. officials believe these campaigns are part of a strategic cyber reconnaissance mission by China to prepare for potential geopolitical conflict scenarios, including a future invasion of Taiwan.
Ribbon has declined to attribute the breach publicly or provide additional details, citing the ongoing investigation and cooperation with federal agencies.