
State Hackers Infiltrated Telecom Giant Ribbon for Months

Summary

– Ribbon confirmed that government-backed hackers had access to its network for nearly a year, starting as early as December 2024.
– The company provides telecommunications services to critical infrastructure organizations, Fortune 500 firms, and government agencies like the Department of Defense.
– Three Ribbon customers were affected by the breach, and the hackers accessed files on two laptops outside the main network.
– This incident is part of a series of hacks targeting U.S. telecommunications providers, though the responsible government was not named.
– Chinese-backed hacking groups, including Salt Typhoon, have previously targeted U.S. companies to gather intelligence related to potential actions against Taiwan.

A major American telecommunications provider, Ribbon Communications, has officially acknowledged that state-sponsored hackers maintained unauthorized access to its internal systems for close to a full year. The company detailed the security incident in a recent regulatory filing submitted to the U.S. Securities and Exchange Commission. According to the disclosure, a suspected nation-state actor first infiltrated the corporate IT infrastructure as early as December 2024. Ribbon has since informed law enforcement agencies and asserts it has now removed the threat actor from its network.

Headquartered in Texas, Ribbon delivers essential phone, networking, and internet services to a wide range of corporate clients, enterprises, and critical infrastructure sectors. Its customer portfolio includes hundreds of businesses, among them Fortune 500 companies and key government departments like the Department of Defense. The breach’s impact reportedly extends to at least three of Ribbon’s customers, though their identities have not been made public.

While the full scope of the data theft remains uncertain, the company confirmed that the attackers accessed several customer files stored on two laptops located outside the primary corporate network. Ribbon has directly notified the customers believed to be affected by this specific access. The company has not publicly attributed the attack to any specific foreign government.

Ribbon now joins a growing list of telecommunications firms that have suffered significant cyber intrusions over the last two years. A spokesperson for the company did not respond to media inquiries seeking further comment on the incident.

This event echoes previous campaigns where Chinese state-backed hacking groups systematically targeted U.S. telecommunications providers. In those prior attacks, groups compromised at least 200 American companies, including major carriers, with the objective of stealing phone records and call data related to high-ranking U.S. officials. Several well-known providers like AT&T, Verizon, and Lumen were confirmed victims in that widespread espionage effort, which also impacted cloud service and data center companies, including some located in allied nations such as Canada.

U.S. government officials have linked one specific group, known as Salt Typhoon, to these activities. The group is identified as one of several China-supported hacking collectives engaged in a sustained, multi-year campaign targeting the United States and its allies. Intelligence assessments suggest these operations are part of a broader strategic effort to gather intelligence in preparation for a potential future conflict scenario involving Taiwan.

(Source: TechCrunch)
