Hackers working on behalf of an unidentified foreign government infiltrated the systems of Ribbon Communications, a major American telecommunications technology provider, remaining inside the company’s network for nearly a year before being discovered.
The Texas-based firm confirmed the breach on Wednesday, noting it had only recently detected the intrusion.
According to Ribbon’s October 23 10-Q filing with the Securities and Exchange Commission (SEC), the company found in early September that individuals “reportedly associated with a nation-state actor” had accessed its IT network as far back as December 2024.
The company’s technology enables interoperability between different voice and data platforms—making it a critical player in the global telecommunications landscape.
This incident underscores a growing trend of sophisticated cyberattacks targeting companies that support vital communication infrastructure worldwide.
Related story: U.S. Further Tightens Restrictions on Chinese Telecom Equipment Over Security Fears
Investigation and Early Findings
Ribbon has not publicly named the country suspected of the breach, nor has it revealed which specific customers were affected. However, the company told Reuters that its internal investigation identified three “smaller customers” impacted.
“While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this,” a company spokesperson stated.
“We have also taken steps to further harden our network to prevent any future incidents.”
The company added in its SEC filing that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor.” These files were described as four “older” documents, though further details were not provided.
So far, investigators have found no proof that hackers gained entry into customer systems, and Ribbon said it was unaware of any government entities being affected.
Growing Concerns Over Global Cyber Espionage
Recent cyber campaigns have seen Chinese-linked groups compromise a range of U.S. telecommunications companies and even a state’s Army National Guard network, in operations tracked as Salt Typhoon. Separately, Chinese hackers were also reported to have breached cybersecurity firm F5 earlier this year.
Responding to questions from Reuters, Liu Pengyu, spokesperson for the Chinese embassy in Washington, said he was unaware of the situation, adding that “China opposes hacking and combats it in accordance with the law.”
He also cited Beijing’s own accusations that U.S.-based hackers targeted China’s National Time Service Center, labeling the U.S. “the world’s No. 1 hacking state.”
Meanwhile, a U.S. embassy spokesperson in Beijing described China as “the most active and persistent cyber threat to U.S. government, private-sector, and critical infrastructure networks.”
Cyber experts note that such attacks are increasingly aimed at companies like Ribbon that serve both government and commercial clients.
“Unit 42 continues to see advanced nation-state actors increasingly targeting networking and IT service companies,” said Pete Renals of Palo Alto Networks. He called Ribbon a “prime example” of this pattern, given its close ties with U.S. military and global telecom providers.
Read next: Global Giants Slash Jobs as AI and Economic Gloom Reshape the Workforce