Hackers linked to a foreign government infiltrated the systems of Ribbon Communications, a major U.S. telecommunications services provider, remaining undetected for nearly a year before being discovered. The breach, first revealed in an October 23 SEC filing, represents one of the most recent examples of nation-state actors targeting critical telecom infrastructure to conduct espionage operations.
Details of the Intrusion and Impact on Customers
According to Ribbon Communications, the company learned in early September 2025 that actors “reportedly associated with a nation-state” had gained access to its IT network as early as December 2024. The intrusion was not publicly disclosed until now.
The Texas-based firm enables real-time voice and data communication across disparate platforms, serving global telecom providers and government clients, including the U.S. Department of Defense and major carriers such as Verizon, BT, and Deutsche Telekom.
A company spokesperson confirmed that forensic investigations have identified three “smaller customers” impacted by the attack. While there is currently no evidence that the threat actors accessed “material information” or infiltrated customer systems, investigators determined that “several customer files saved outside of the main network on two laptops” were accessed. These included four older files containing unspecified data.
“We continue to work with our third-party experts to confirm the full scope of the incident and have taken steps to further harden our network,” a Ribbon spokesperson stated.
The company emphasized that there is no indication any government clients were affected. However, given Ribbon’s deep integration across global telecommunications systems, the breach underscores the increasing vulnerability of providers that connect multiple critical infrastructure entities.
Broader Context of Nation-State Targeting in Telecom
The incident follows a string of high-profile cyberespionage operations targeting U.S. telecommunications and IT service providers. In September 2024, cybersecurity researchers disclosed a Chinese-linked campaign known as Salt Typhoon that compromised numerous telecom networks and even a U.S. Army National Guard system.
More recently, Chinese state-sponsored hackers were reported to have breached F5 Networks, a major supplier of traffic management and cybersecurity solutions used globally.
When asked about the latest incident, a spokesperson for the Chinese embassy in Washington denied any knowledge, asserting that attribution of cyber operations is “difficult to trace” and reiterating that “China opposes hacking and combats it in accordance with the law.” The spokesperson also accused the United States of being “the world’s No. 1 hacking state,” citing Chinese government allegations of U.S. cyber activity targeting the National Time Service Center.
Meanwhile, a U.S. embassy spokesperson in Beijing reaffirmed the American position that China “remains the most active and persistent cyber threat to U.S. government, private-sector, and critical infrastructure networks.”
Growing Threat to Telecom Infrastructure and Government Supply Chains
Cybersecurity experts have warned that telecom backbone providers like Ribbon Communications represent prime targets for long-term cyberespionage. Pete Renals, Director of National Security Programs at Palo Alto Networks’ Unit 42, said such companies are increasingly being exploited to establish persistent access to sensitive systems worldwide.
“Ribbon Communications is a prime example of this trend,” Renals said. “Its central role as a supplier to government and infrastructure clients makes it a lucrative target for state-aligned actors, particularly from China and Russia.”
The FBI and Department of Defense have not commented publicly on the Ribbon breach due to the ongoing federal government shutdown. However, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed awareness of the disclosure and indicated it continues to monitor the situation.
The breach at Ribbon Communications highlights a persistent and growing concern: that state-sponsored hackers are embedding themselves deep within the infrastructure connecting nations, businesses, and defense networks — an increasingly strategic battlefield in the realm of global cyber operations.