By AJ Vicens
(Reuters) -Hackers working for an unnamed nation-state breached networks at Ribbon Communications, a key U.S. telecommunications services company, and remained within the firm’s systems for nearly
a year without being detected, a company spokesperson confirmed in a statement on Wednesday.
Ribbon Communications, a Texas-based company that provides technology to facilitate voice and data communications between separate tech platforms and environments, said in its October 23 10-Q filing with the Securities and Exchange Commission that the company learned early last month that people “reportedly associated with a nation-state actor” gained access to the company’s IT network, with initial access dating to early December 2024.
The hack has not been previously reported. It is perhaps the latest example of technology companies that play a critical role in the global telecommunications ecosystem being targeted as part of nation-state hacking campaigns.
Ribbon did not identify the nation-state actor, or disclose which of its customers were affected by the breach, but told Reuters in the statement that its investigation has so far revealed three “smaller customers” impacted.
“While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this,” a Ribbon spokesperson said in an email. “We have also taken steps to further harden our network to prevent any future incidents.”
The company reported to the SEC that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor.” The spokesperson declined to elaborate on “customer files” but said there were a total of four “older files.”
There is no evidence to date that the incident would give hackers access to customer systems and the company was not aware of any government customers being impacted, the spokesperson said.
Ribbon’s technology facilitates real-time voice and data communications, allowing voice calls to join Web-based conference calls, for example.
Chinese-linked hackers had previously targeted a host of U.S. and global telecommunications companies and a U.S. state’s Army National Guard network in a wide-ranging and years-long cyberespionage campaign tracked as Salt Typhoon, first revealed in September 2024.
More recently, it emerged that Chinese hackers had infiltrated cybersecurity company F5, which provides software and products that help customers direct, manage and filter internet traffic.
The Chinese embassy in Washington did not immediately respond to a request for comment. China has previously denied U.S. allegations of hacking.
The FBI did not immediately respond to a request for comment, citing the ongoing federal government shutdown. The Cybersecurity and Infrastructure Security Agency and Defense Department did not immediately respond to a request for comment.
Ribbon Communications lists on its website customers around the world including BT, Verizon, CenturyLink , Deutsche Telekom, SoftBank Group , TalkTalk and Tata. Government clients include the U.S. Defense Department, the University of Texas at Austin, the City of Los Angeles and the Los Angeles Public Library, according to the website.
“Unit 42 continues to see advanced nation-state actors increasingly targeting networking and IT service companies that provide key services to government and critical infrastructure organizations,” said Pete Renals, director of national security programs for Unit 42 at Palo Alto Networks. “In many cases, their primary goal is to establish long-term persistence within these networks to enable global espionage.”
Ribbon Communications is a “prime example” of this trend, Renals said, given its relationships with U.S. military and major organizations in the telecommunications and energy sectors in multiple countries.
“This central role as a supplier to sensitive government and infrastructure clients makes Ribbon a lucrative target for state-aligned actors, particularly from China and Russia," Renals said.
(Reporting by AJ Vicens in Detroit; Editing by Matthew Lewis)
