US telecommunications giant Ribbon has admitted in an official document that government-backed hackers had access to its network for almost a year before being arrested.
The major telecommunications company said in its 10th quarter disclosure document filed with the U.S. Securities and Exchange Commission last week that in December 2024, “a suspected nation-state actor had access to its IT network.” Ribbon has notified law enforcement and said it believes the hacker is no longer within its network.
Headquartered in Texas, Ribbon provides telephone, networking and Internet services to businesses, businesses and critical infrastructure organizations such as energy and transportation systems. The company counts hundreds of companies as customers, including Fortune 500 companies and government agencies such as the Department of Defense.
Reuters first reported news of the breach.
Ribbon spokeswoman Catherine Berthier confirmed that three of Ribbon’s customers are known to be affected, but declined to name the affected companies, citing confidentiality.
It’s unclear whether the hackers exfiltrated personally identifiable information or other sensitive data from corporate customers in the breach, but the company noted in its filing that “several customer files stored on two laptops outside of the main network appear to have been accessed by the threat actor.” Ribbon said it has notified affected customers.
Ribbon is the latest in a string of telecommunications providers to be hacked in the past two years, but TechCrunch did not immediately attribute the hack to any particular government.
Berthier declined to provide additional information when contacted by TechCrunch, citing the company’s ongoing investigation.
Chinese-backed hackers have targeted and compromised at least 200 U.S.-based companies, including phone and internet providers, in an effort to steal call records and data of U.S. government officials. Several carriers, including AT&T, Verizon, and Lumen, were confirmed to have been hacked as part of the campaign, along with cloud giants and data center providers.
Some of the companies were located outside the United States, such as in Canada.
The hacker, known as Salt Typhoon, is one of a group of Chinese-backed hackers said to be targeting the United States and its allies as part of a multiyear effort to prepare for a possible future Chinese invasion of Taiwan, U.S. officials said.
Updated with comments from Ribbon.
