-
Ribbon Communications and others have become victims of a data breach, possibly by a state actor seeking corporate documents.
-
Four of its prominent customers’ documents were accessed on computers, and the affected customers have been informed.
-
Ribbons explained that the firm has successfully terminated the threat actor’s access to its systems, amid the ongoing investigations with alliances.
Ribbon Communications is a very large telecom company that bases its operations in the United States. The company revealed very recently that a bad actor entered its systems without authorization & stole very personal information that its customers added.
According to the 10-Q filing it submitted to the Security and Exchange Commission in the US the telecommunication provider took notice of the data breach in September 2025.
After the discovery, Ribbon started an investigation immediately, where experts found out that a nation-state hacker was most likely responsible for the attack. The firm noted that the hacker aimed to exploit corporate files.
Ribbon Comms Reports Being Hacked
According to the filing, the firm traced the threat actor’s original access to its IT network to December 2024. The hacker remained hidden in Ribbon’s systems for almost a year before authorities discovered them last month.
Ribbon is a prominent telecommunication service provider, offering services to both retail and mainstream customers in the United States, such as CenturyLink, Verizon, and the United States Defense Department. The firm’s technology allows for real-time voice and data communication, even enabling users to join web-based conference calls using voice calls.
Smaller Clients Hit by Attack
It is worth noting that Ribbon Communications did not want to disclose the names of the victims of the recent breach. Ribbon stated that the hacker illegally accessed documents belonging to exactly four smaller customers.
As per the filing, the firm noted that final determinations rely on when the existing investigation ends.
Ribbon further noted in the form that it is currently not aware of any evidence proving that the actor accessed or exfiltrated any material details. Investigators found that the hacker accessed various client documents stored outside the main network on two connected laptops.
The telecommunication giant also stated that it has introduced numerous third-party cybersecurity professionals to help out in the ongoing investigations and forensics. In addition, Ribbons informed the relevant enforcement commissions.
Additionally, the business claimed it has now successfully eliminated the risk of unauthorized access to its networks.
No one revealed the cyberattack until now. Hackers likely targeted this international tech firm as part of recent nation-state–linked cyber campaigns.
In similar developments, several telecommunications firms in the United States and an Army National Guard network were targeted by Chinese-linked hackers. Researchers traced these multi-year cyber attacks, known as Salt Typhoon, back to the attackers in September 2024.
As per a Reuters report, the threat actors repeatedly and “extensively” hacked the unnamed US Army National Guard’s IT systems. The hackers conducted these attacks from March to December 2024, exfiltrating “data traffic” and maps with counterparts’ networks. They did this to their counterparts in every other state in the US and for at least four prominent US territories.
While Beijing has repeatedly denied responsibility for the attacks, it is worth noting that the Salt Typhoon has done more harm than merely gathering intelligence. US officials believe that the group is positioning itself to critically attack the United States’ infrastructure should there be any possibility of conflict with China.
