Ribbon, a major U.S. telecommunications company, has revealed in a public filing that state-sponsored hackers infiltrated its systems and remained undetected for nearly a year.
In a recent 10-Q report submitted to the U.S. Securities and Exchange Commission, the telecom company stated that a suspected “nation-state actor” had breached its IT infrastructure as early as December 2024. Ribbon reported the incident to authorities and believes the attackers have since been removed from its environment.
Based in Texas, Ribbon delivers telecommunications, networking, and internet solutions to businesses, large organizations, and essential infrastructure sectors like energy and transportation. Its client list includes hundreds of companies, among them Fortune 500 corporations and government bodies such as the Department of Defense.
Reuters was the first to disclose the incident.
Ribbon spokesperson Catherine Berthier confirmed that three customers were impacted by the breach, but declined to identify them, citing privacy concerns.
It remains uncertain whether the attackers stole personal data or other confidential information from Ribbon’s business clients. However, the company’s filing mentioned that “several customer files stored outside the main network on two laptops appear to have been accessed by the threat actor.” Ribbon has informed those affected.
Ribbon joins a growing list of telecom firms targeted by hackers in the last two years, but did not specify which government was behind the attack when questioned by TechCrunch.
Berthier also declined to share further details with TechCrunch, citing the ongoing nature of the investigation.
In the past, hackers linked to China have breached at least 200 U.S.-based organizations, including telecom and internet providers, to obtain call records and communications data on high-ranking U.S. officials. Companies such as AT&T, Verizon, and Lumen were among those compromised, as well as major cloud and data center providers.
Some affected organizations were located outside the U.S., including in Canada.
According to U.S. officials, the hacking group known as Salt Typhoon is one of several China-backed teams targeting the U.S. and its partners as part of a long-term campaign to prepare for a possible future conflict over Taiwan.
This story has been updated with a statement from Ribbon.
