top of page
outsystems-Q225-prospecting-ban-v1-300x600.png
outsystems-Q225-prospecting-ban-v1-728x90.png
TechNewsHub_Strip_v1.jpg

LATEST NEWS

Nation-State hackers breached US telecom giant Ribbon and remained undetected for nearly a year

  • Marijan Hassan - Tech Journalist
  • 1 day ago
  • 2 min read

U.S. telecommunications software provider Ribbon Communications has confirmed it was compromised by hackers believed to be associated with a nation-state actor. It gets worse. The cybercriminals may have maintained stealthy, unauthorised access to the company's internal network for nearly a year.


ree

The revelation raises significant concerns due to Ribbon's critical role in the global telecom backbone. Among its list of clients are Verizon, BT, Deutsche Telekom, and the U.S. Department of Defense.


A year of undetected espionage

Ribbon's disclosure confirmed a significant timeline for the breach:


  • Initial access: Preliminary investigation suggests the attackers first infiltrated Ribbon's IT network as early as December 2024.

  • Discovery: The company only became aware of the unauthorised access in early September 2025.


The lengthy "dwell time" spanning up to ten months without detection is a hallmark of sophisticated Advanced Persistent Threats (APTs) often linked to foreign governments. This would then mean the goal was long-term espionage rather than disruptive ransomware.


Cybersecurity analysts have widely speculated that the attack profile is consistent with campaigns executed by Chinese state-sponsored groups, such as the widely reported Salt Typhoon.


Compromised data and customer impact

Ribbon, which provides networking solutions and secure cloud communications, stated that it has successfully terminated the unauthorised access and is working with federal law enforcement and third-party cybersecurity experts on an ongoing investigation.


The company said it hasn’t found evidence indicating the theft of "material information" from its main network or any impact on government customers. However, it confirmed that customer files were accessed.


"Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor," it said, adding that three of the company's "smaller customers" whose files were compromised have been notified of the incident.


Industry-wide concern

The compromise of a critical supply chain provider like Ribbon amplifies fears about the security of the global communications infrastructure. Experts warn that even minimal exfiltrated data, such as internal network blueprints or configuration files, could arm foreign adversaries with intelligence useful for planning future, larger-scale attacks on the telecom ecosystem.


The incident follows a similar disclosure from network security partner F5 Networks earlier this year.

wasabi.png
Gamma_300x600.jpg
paypal.png
bottom of page