U.S. Telecommunications Giant Ribbon Hacked by Suspected Nation-State Actors

U.S. telecommunications company Ribbon has confirmed that its network was breached by government-backed hackers, who maintained access for almost a year before being detected. This information was revealed in a public filing with the U.S. Securities and Exchange Commission. According to the company, the intrusion began as early as December 2024. Ribbon states that after discovering the breach, it notified law enforcement agencies. The company now believes threat actors no longer have access to its systems.

Customer Impact and Ongoing Investigation

Ribbon, headquartered in Texas, delivers phone, networking, and internet services to many enterprises and critical infrastructure clients, including energy and transportation sectors. Its customer base includes Fortune 500 firms and major government agencies such as the Department of Defense. Despite the seriousness of the situation, spokesperson Catherine Berthier disclosed that only three customers are known to have been affected so far; however, for confidentiality reasons, she did not reveal their names.

The extent of the breach remains uncertain. It is not yet clear if any personally identifiable information or sensitive business data was stolen from corporate customers. Nevertheless, the company’s 10-Q filing indicates that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor.” These findings have prompted Ribbon to notify impacted clients immediately.

While Ribbon did not attribute the hack to a specific government, the breach forms part of a broader trend. In recent years, several telecommunication providers have fallen victim to similar attacks. Despite media inquiries, the company refrained from commenting further, citing an ongoing investigation.

Broader Context: Nation-State Hacking Campaigns

The breach at Ribbon comes amid heightened concerns about cyber threats to telecommunication infrastructure. Previously, hackers linked to the Chinese government have targeted over 200 U.S.-based companies, including major phone and internet providers. Their primary aim has been to steal call records and communications data belonging to senior U.S. government officials. Several well-known telecom organizations—such as AT&T, Verizon, and Lumen—have confirmed compromises as part of a wider campaign. These attacks have not been limited to the United States; some victim companies are based in Canada, and similar campaigns have reached both datacenter and cloud service providers.

These persistent hacking efforts are attributed to groups like Salt Typhoon, one of several hacking collectives with connections to the Chinese government. According to U.S. government officials, these groups are engaging in multi-year espionage and sabotage operations to prepare for a potential future conflict, notably a possible Chinese invasion of Taiwan. Salt Typhoon and related groups continue to target both the United States and allied nations.

Updated with comment from Ribbon.

Tags: Hakerat qeveritarë, sulm kibernetik, telekomunikacion, spiunazh kinez, siguria e rrjetit, Ribbon Communications