US telecommunications giant Ribbon has confirmed that government-backed hackers accessed its network for nearly a year before they were caught, according to a public filing.
The telecom giant said in a 10-Q filing last week with the U.S. Securities and Exchange Commission that a suspected “nation state agent had accessed the company’s IT network” as early as December 2024. Ribbon said it notified law enforcement and believes the hackers are no longer on its network.
The Texas-based ribbon provides telephone, networking and Internet services for companies, enterprises and critical infrastructure organizations such as energy and transportation systems. The company counts hundreds of companies as clients, including Fortune 500 companies and government agencies such as the Department of Defense.
Reuters first news about the breach.
Catherine Berthier, a spokeswoman for Ribbon, confirmed that three of Ribbon’s customers are known to be affected, but declined to name the affected companies, citing confidentiality.
It’s unclear whether the hackers stole personally identifiable information or other sensitive data from its corporate customers during the breach, but the company noted in the filing that “some customer files stored outside the main network on two laptops appear to have been accessed by the threat actor.” Ribbon said it notified affected customers.
Ribbon is the latest in a string of telecom providers to be hacked over the past two years, but did not immediately attribute the hack to a specific government when asked by TechCrunch.
Berthier declined to provide additional information when asked by TechCrunch, citing the company’s ongoing investigation.
Chinese-backed hackers have previously targeted and breached at least 200 US-based companies, including phone and internet providers, in an attempt to steal phone records and call data for senior US government officials. Several telcos, including AT&T, Verizon and Lumen, were confirmed to have been breached as part of the campaign, along with cloud giants and data center providers.
Some of the companies were located outside the United States, including Canada.
The hackers, known as Salt Typhoon, are one of several Chinese-backed hacking groups said to be targeting the US and its allies as part of a multi-year effort to prepare for an expected future Chinese invasion of Taiwan, according to US government officials.
Updated with comment from Kordela.
