Telco provider used by US government and others hit by nation-state hackers

News
By published

Ribbon Communications confirms breach

Hands on a laptop with overlaid logos representing network security
(Image credit: Thapana Onphalai via Getty Images)
  • Ribbon Communications suffered a cyberattack, likely by a nation-state actor targeting corporate files
  • Four older customer files were accessed from laptops; affected clients have been notified
  • Investigation continues; unauthorized access has been terminated and impact deemed non-material

Ribbon Communications has confirmed it suffered a cyberattack in which it lost sensitive customer documents.

In a new 10-Q form filed with the US Securities and Exchange Commission (SEC), the company said it became aware of the attack in early September 2025. Subsequent investigation determined that the attack was most likely conducted by a nation-state actor, with the goal of stealing corporate files.

Ribbon is a major supplier of telco services and software, with customers including Verizon, CenturyLink, and the US Defense Department, but also “smaller customers” - three of which were impacted by this intrusion.

"Smaller customers" affected

The company did not want to name the victims since the investigation is currently ongoing, but added that “a total of four older files” were accessed.

“The company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation,” the filing reads.

“As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information. Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor and those customers have been notified by the company.”

Ribbon did not discuss the identity of the attackers, or the nation-state behind it. It stressed that the attack most likely won’t have a material impact despite additional costs related to the investigation and the network strengthening efforts.

In the filing, Ribbon also said it has brought in multiple third-party cybersecurity experts to assist with the investigation and the forensics, and notified relevant law enforcement agencies, as well.

"While the investigation is ongoing, the Company believes that it has been successful in terminating the unauthorized access by the threat actor," it concluded.

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.