Telecom Spies: Ribbon Communications Breached in 9-Month State-Sponsored Espionage Attack
The American company Ribbon Communications has reported a major cyberattack on a telecommunications network that compromised both its internal systems and client infrastructure. Investigations revealed that the intruders had infiltrated the network as early as December of last year and remained undetected for nearly nine months before being discovered. Preliminary findings suggest that the operation was conducted by hackers acting on behalf of a foreign state. During this time, the attackers gained access to several client files stored on laptops outside the company’s primary infrastructure.
The incident came to light through a report submitted by Ribbon on October 23 to the U.S. Securities and Exchange Commission (SEC). The document states that specialists first noticed suspicious activity in early September and later confirmed unauthorized access to the corporate network. The company did not specify which nation the attackers may be linked to, citing a request from federal agencies participating in the ongoing investigation.
According to the report, the hackers accessed four older documents located outside the main storage system. These files belonged to three clients, all of whom have been notified. Their names and industries have not been disclosed. Ribbon representatives emphasized that there is no evidence of any critical data breach thus far, though the investigation continues in collaboration with external cybersecurity analysts and federal authorities.
Following the discovery of the attack, company engineers conducted a full system purge, blocked all entry points, and strengthened internal defenses. Ribbon stated that unauthorized access has now been completely terminated, and additional security measures have been fully deployed.
The incident has drawn particular attention because Ribbon’s clientele includes some of the world’s largest telecommunications corporations. The company supplies software and optical network solutions to operators such as Verizon, BT, Deutsche Telekom, SoftBank, and TalkTalk, and also collaborates with the U.S. Department of Defense and several municipal agencies, including the City of Los Angeles. This high-profile client base makes Ribbon an attractive target for telecom espionage, providing a potential gateway into both government and corporate networks.
Many analysts have noted that the modus operandi of this attack bears a striking resemblance to operations attributed to the Salt Typhoon group, believed to be linked to China. Since the late 2010s, this group has specialized in compromising telecommunications providers and government organizations across continents, stealing vast troves of sensitive data. Their techniques for moving laterally across networks remain highly sophisticated and largely undocumented, leading experts to suspect that the Ribbon incident may be part of a broader, coordinated campaign.
The investigation is ongoing with the participation of federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA). The agency confirmed its awareness of the situation but redirected all inquiries to Ribbon. The company, in turn, stated that it is reinforcing its security architecture and expanding cooperation with independent research groups to ensure that such breaches do not recur.