SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

Major US Telecom Backbone Firm Hacked by Nation-State Actors

Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms. 
Cisco vulnerability exploited

Ribbon Communications, an American company that provides backbone technology for communication networks, has been targeted by hackers.

Ribbon provides communications and networking solutions that enable organizations to reliably run phone calls and data networks.

The firm says its solutions are used by service providers, enterprises and critical infrastructure organizations. Its website lists BT, Verizon, Deutsche Telekom, CenturyLink, TalkTalk, Softbank, and Tata as its customers, along with the US Department of Defense and the City of Los Angeles.

In a quarterly financial report submitted recently to the SEC, Ribbon said it discovered unauthorized access to its IT network in early September 2025.

An investigation showed that the hackers may have gained initial access as early as December 2024, but the probe is still ongoing.

Ribbon has not shared any technical details on the incident, but said a nation-state threat actor is believed to be behind the attack.

Advertisement. Scroll to continue reading.

At the time of the quarterly report’s submission Ribbon had not found any evidence that the hackers accessed or exfiltrated material information, but the company admitted that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor”. 

Impacted customers have been notified. While the company expects to incur some costs as a result of its investigation into the cybersecurity incident, it does not expect the hack to have a material impact. 

While it’s unclear who was behind the Ribbon intrusion, the attack profile points to China as a likely suspect. 

China has been known to conduct sophisticated cyberespionage campaigns targeting telecommunications companies in North America and elsewhere. 

Chinese cyberspies are also believed to be behind the recently discovered attack targeting security and application delivery solutions provider F5.

Related: North Korean Hackers Aim at European Drone Companies

Related: Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

Related: Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.