U.S. telecommunications giant Ribbon has confirmed that government-backed hackers accessed its network for almost a year before being discovered, according to a public filing. The company disclosed in a 10-Q filing with the U.S. Securities and Exchange Commission that a suspected nation-state actor gained access to its IT network as early as December 2024. Ribbon stated that, after detecting the breach, it notified law enforcement and currently believes the hackers are no longer present in its systems.

Breach Details and Impact

Ribbon, based in Texas, provides phone, networking, and internet services for companies, enterprises, and critical infrastructure organizations, including energy and transportation sectors. Its diverse clientele includes Fortune 500 companies and several government agencies, among them the Department of Defense. The breach was first reported by Reuters [https://www.reuters.com/business/media-telecom/us-company-with-access-biggest-telecom-firms-uncovers-breach-by-nation-state-2025-10-29/].

Catherine Berthier, a spokesperson for Ribbon, confirmed that three customers are known to be affected. However, she refused to reveal the identity of these companies due to confidentiality concerns. Although it remains unclear whether the hackers accessed personally identifiable information or sensitive corporate data, the company noted in its filing that several customer files stored outside the main network, specifically on two laptops, appeared to have been accessed by the threat actor. Therefore, Ribbon notified the affected customers as a precaution.

Broader Cybersecurity Context

This incident positions Ribbon as the latest telecom provider to experience a significant cybersecurity breach in the last two years. The company did not directly attribute the attack to any particular government. When approached for further comments by TechCrunch, Berthier declined to share additional details, referencing the ongoing investigation.

Recently, Chinese-backed hackers have targeted and compromised more than 200 U.S.-based companies [https://techcrunch.com/2025/08/27/fbi-says-chinas-salt-typhoon-hacked-at-least-200-us-companies/], including telecommunications and internet providers, to steal sensitive data such as phone records and call logs of senior U.S. government officials. Major companies like AT&T, Verizon, and Lumen, as well as cloud service giants and datacenter providers [https://techcrunch.com/2025/06/23/canada-says-telcos-were-breached-in-china-linked-espionage-hacks/], were also targeted. Attacks have not been limited to U.S.-based companies, as several organizations in Canada were similarly affected [https://techcrunch.com/2025/06/23/canada-says-telcos-were-breached-in-china-linked-espionage-hacks/].

The hacking group, known as Salt Typhoon, is among multiple China-backed entities [https://techcrunch.com/2025/01/10/meet-the-chinese-typhoon-hackers-preparing-for-war/] reportedly targeting the U.S. and its allies. According to U.S. government officials [https://techcrunch.com/2024/01/31/fbi-cisa-volt-typhoon-cyberattack-american-infastructure/], these actions are part of a broader plan to prepare for potential future conflicts, including a possible Chinese invasion of Taiwan.

The company updated its statement with comment from Ribbon, confirming their ongoing commitment to investigating the breach and protecting their customers.

Tags: sulme kibernetike, hakerë shtetërorë, Ribbon Telecom, spiunazh kibernetik, siguri kibernetike, Telekomunikacion