Texas-based telecom technology company Ribbon Communications has revealed that government-backed hackers secretly accessed its internal network for almost a year before being discovered.
In a public filing with the U.S. Securities and Exchange Commission (SEC), Ribbon said the breach began as early as December 2024 and went undetected until September 2025. The company confirmed that the hackers were highly sophisticated and likely linked to a nation-state, though it did not name which country was responsible.
How the Breach Happened
Ribbon discovered the intrusion in September and immediately launched an investigation with outside cybersecurity experts. It also informed U.S. law enforcement and worked to remove the attackers from its systems.
The company has not said exactly how the hackers broke in or what methods they used. However, experts believe the attack shares patterns with China-linked cyber groups that have recently targeted U.S. telecom and infrastructure providers.
What Was Affected
According to the filing, several customer files stored on two laptops outside Ribbon’s main network were accessed by the attackers. Ribbon said three customers were affected, though it refused to identify them for privacy reasons.
The company added that, so far, there is no evidence that sensitive or personal data from its main systems were stolen. The affected customers have already been notified.
Ribbon provides telecom infrastructure, internet, and networking technology to major corporations and U.S. government agencies, including the Department of Defense. This makes it a valuable target for hackers seeking to spy on communications or gather intelligence.
Why It Matters
This attack highlights a growing wave of state-sponsored hacking against telecom companies. These firms are key parts of national communication networks — and if breached, hackers could potentially access call records, data traffic, or customer information.
In recent years, Chinese state-backed groups like “Salt Typhoon” have compromised hundreds of U.S. companies, including AT&T, Verizon, and Lumen, in efforts to collect intelligence on government officials and defense networks.
Ribbon’s Response
Ribbon says it has removed the attackers, improved its cybersecurity systems, and continues to work with authorities to investigate. The company expects minor financial costs related to the cleanup but does not believe the breach will have a major impact on its business.
“Protecting our network and our customers is our highest priority,” said a company spokesperson. “We’ve taken steps to strengthen our systems and prevent similar incidents in the future.”
The Bigger Picture
The Ribbon breach is part of a larger trend of cyber espionage targeting the U.S. telecom and infrastructure sectors. Experts warn that these intrusions are often long-term operations designed to prepare for future conflicts — including a potential Chinese invasion of Taiwan, which U.S. officials have publicly raised concerns about.
As the investigation continues, regulators and cybersecurity analysts will be watching closely to see whether other suppliers or government systems connected to Ribbon were affected.