Government hackers breached telecom giant Ribbon for months before getting caught

Ribbon, a prominent telecommunications company based in the U.S., has revealed that it fell victim to a cyber intrusion by state-sponsored hackers for nearly a year. In a recent filing with the U.S. Securities and Exchange Commission, the company disclosed that the breach occurred as early as December 2024. The company reported that they identified the threat, which they believe originated from a nation-state actor, and took immediate action by notifying law enforcement agencies. Ribbon is confident that the hackers are no longer accessing their systems. The Texas-headquartered firm is known for providing essential communication services to a wide range of clients, including major corporations and government entities, such as the Department of Defense. According to Reuters, which initially broke the news, at least three of Ribbon's customers have been impacted by this breach, although their identities remain undisclosed. There is currently no evidence suggesting that sensitive personal information or critical data from corporate clients was exfiltrated. However, the company did indicate that some customer files saved on two laptops outside the main network appeared to have been accessed. Ribbon has since reached out to the affected customers to inform them of the situation. This incident marks yet another instance of telecommunications companies facing cyberattacks in recent years. While Ribbon has not explicitly stated which government is believed to be behind the hacking attempt, it is noteworthy that Chinese-backed hackers have previously targeted numerous U.S. telecommunications firms as part of a broader strategy to gather sensitive information. These hackers, identified as Salt Typhoon, are linked to a sustained campaign aimed at compromising U.S. and allied networks, potentially in preparation for geopolitical conflicts, including tensions surrounding Taiwan. In recent years, several telecom providers, including industry giants like AT&T and Verizon, have also reported similar breaches, underscoring the persistent threat posed by cyber adversaries.