U.S. telecommunications giant Ribbon has confirmed that government-backed hackers had access to its network for almost a year before being discovered. The company disclosed this information in a public filing with the U.S. Securities and Exchange Commission.
In its filing, Ribbon stated that a suspected nation-state actor first gained access to the company’s IT network as early as December 2024. The company reported the incident to law enforcement and believes the hackers have now been removed from its systems.
Headquartered in Texas, Ribbon provides phone, networking, and internet services for companies, enterprises, and critical infrastructure organizations in sectors like energy and transportation. The company serves hundreds of customers, including Fortune 500 firms and government agencies such as the Department of Defense.
Reuters first reported the news of the breach, noting that three of Ribbon’s customers are known to be affected, though the specific companies were not named.
It remains unclear if the hackers stole personally identifiable information or other sensitive data from corporate customers. However, the company noted in its filing that several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor. Ribbon stated it has notified the affected customers.
Ribbon is the latest in a series of telecommunication providers hacked over the past two years. The company did not immediately say which government it believes is behind the intrusion. A spokesperson for Ribbon did not return a request for comment.
Chinese-backed hackers have previously targeted and compromised at least 200 U.S.-based companies, including phone and internet providers. This effort aimed to steal phone records and calling data about senior U.S. government officials. Several other telecommunications companies, including AT&T, Verizon, and Lumen, were confirmed to have been hacked as part of the same campaign, along with cloud giants and data center providers. Some of the affected companies were located outside the United States, including in Canada.
The hackers, known as Salt Typhoon, are one of several China-backed hacking groups. According to U.S. government officials, these groups are said to be targeting the U.S. and its allies as part of a multi-year effort to prepare for a future anticipated Chinese invasion of Taiwan.