A nation-state hacker infiltrated the networks of Ribbon Communications and lurked undetected for nearly a year, a company spokesperson confirmed on Oct. 29.
The Texas-based firm disclosed in its quarterly report, filed with the Securities and Exchange Commission on Oct. 23, that it discovered the breach in early September. The hackers, tied to a foreign government, first slipped into the system in about December 2024.
The filing did not identify the hacker or the nation involved.
The company stated that the breach caused fluctuations in revenue, supply chain disruptions, and general cybersecurity threats.
Ribbon Communications provides technology for voice and data communication to telecom firms and governments. The filing does not clarify the extent of the damage done in the incident, although it does group the incident with material cybersecurity and data intrusion risks.
“While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this,” a Ribbon spokesperson said in an emailed statement. “We have also taken steps to further harden our network to prevent any future incidents.”
The company reported to the Securities and Exchange Commission that “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor.” The spokesperson declined to elaborate on “customer files” but said there were a total of four “older files.” The spokesperson also confirmed that “small customers” were affected by the threat actor.
The incident comes amid nation-state cyberthreats to telecom infrastructure, with governments regularly issuing advisories highlighting ongoing attacks on mission-critical networks. Federal guidelines require timely reporting of material incidents.
Federal authorities have highlighted groups such as Salt Typhoon, which has compromised U.S. telecom providers and was sanctioned by the Treasury Department in January.
In the Salt Typhoon incident, foreign actors sponsored by China compromised at least eight U.S. communications companies, accessing sensitive applications, as part of a global espionage campaign, the Federal Communications Commission (FCC) stated at the time.
“Telecommunications networks are critical to the nation’s defense, public safety, and economic systems,” reads an FCC fact sheet on the incident. “While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, the FCC can act now to strengthen cybersecurity safeguards and ensure resilience against future cyberattacks by adversaries.”
Nation-state cyberattacks on infrastructure such as telecommunications carry the threat of supply chain vulnerabilities and economic dislocation, according to a study published by Eastern Kentucky University in 2024.
Ribbon’s clients include Verizon, CenturyLink, Deutsche Telekom, SoftBank Group, TalkTalk, and Tata, according to the company’s website, as well as the War Department, the University of Texas–Austin, the city of Los Angeles, and the Los Angeles Public Library.
The company stated that it is conducting risk management, including monitoring for third-party compromises.
“Today, America’s enemies need not attack our government to have a substantive national strategic effect,” wrote retired Army Gen. Keith B. Alexander, former associate counsel to President George W. Bush; former Air Force defense analyst Jennifer S. Brunet; and Jamil N. Jaffer for George Mason University in a 2017 report.
“Indeed, in some ways, attacking the U.S. civilian or economic infrastructure may be a more effective approach in the modern era, particularly for asymmetric actors or nation-state proxies.”
Kimberly Hayek is a reporter for The Epoch Times. She covers California news and has worked as an editor and on scene at the U.S.-Mexico border during the 2018 migrant caravan crisis.