U.S. Firm Serving Major Telcos Confirms Nation-State Hack, Sets Off Alarms

A U.S. company with direct links to global telecom giants has revealed that it suffered a prolonged state-sponsored cyberattack. 

Ribbon Communications, based in Texas, provides critical voice and data-routing services to major carriers such as Verizon, Deutsche Telekom and SoftBank Group. Its October 10-Q filing shows that hackers linked to a foreign state gained access in December 2024 and remained undetected for nearly a year. 

The hackers reportedly accessed older customer files stored offline on two laptops. Ribbon says the number of affected customers is small—three smaller clients so far—and that there’s no evidence major customer systems or government data were breached. 

Because of Ribbon’s role as a major telecom supplier, security experts say this incident raises concerns for broader infrastructure risks. They warn that attackers may seek long-term persistence to exploit sensitive networks. 

Ribbon has taken immediate action by hardening its network and working with third-party cyber forensics. The company still declines to name the nation-state actor behind the breach. 

The revelation comes amid rising tensions between state-backed hackers and global telecom operators—some of which have already acknowledged previous campaigns linked to the Chinese-affiliated hacker group Salt Typhoon.