Ribbon Communications Breach Marks Latest Telecom Attack
Recorded: Oct. 31, 2025, 11 p.m.
| Original | Summarized |
The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it's unclear if attackers obtained sensitive data.

Rob Wright, Senior News Director, Dark Reading
October 31, 2025

Yet another US telecommunications firm has fallen victim to a nation-state cyberattack.

In its quarterly earnings report last week, Ribbon Communications disclosed that its network had been breached and that cyberattackers had lurked in the company's environment for almost a year. The breach marks the latest in a string of attacks against US telecom firms, which have alarmed the cybersecurity community as well as government officials.

Ribbon, based in Plano, Texas, specializes in communications software and IP optical networking technology for service providers and critical infrastructure organizations. The company was formed in 2017 following the merger of Sonus Networks and Genband.

Nation-State Hackers Take Aim at Telcos Again

In its 10-Q filing with the US Securities and Exchange Commission on Oct. 23, Ribbon said it first detected the intrusion in early September and promptly initiated its incident response plan, with assistance from several third-party cybersecurity organizations and federal law enforcement.

"The Company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation," the 10-Q form stated. "As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information.
Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor and those customers have been notified by the Company."

The attackers were "reportedly associated with a nation-state actor," according to the 10-Q filing. It's unclear who made the association to nation-state actors. A Ribbon spokesperson tells Dark Reading that the company cannot disclose that information at the request of the third parties the company is working with.

Ribbon also said it believes that the attackers' access has been cut off, and that the attack has not had a material impact on the company. The company provided the following statement to Dark Reading.

"Ribbon prides itself on our long-standing partnerships with our customers and we know that security is a paramount concern within their networks. While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this," Ribbon said in the statement. "We have also taken steps to further harden our network to prevent any future incidents. Our investigation remains on-going, and we will provide any material updates as warranted."

One Data Breach After Another for Telecom Sector

The attack on Ribbon follows several notable breaches of US firms, as well as telecom companies in other countries, in recent years. The most notable of these attacks were committed by Salt Typhoon, a Chinese nation-state threat group focused on cyberespionage. The attacks, which first came to light in 2024, impacted several telecom and ISP providers such as Verizon, AT&T, and Lumen.
The access achieved by Salt Typhoon actors, which included the telcos' law enforcement request systems for wire-tapping and surveillance, sparked deep concern among government officials and lawmakers and led to efforts to bolster security for such companies.

However, more Salt Typhoon attacks came to light this year. And nation-state threat actors aren't the only ones taking aim at telecom companies. For example, a teenager accused of being a member of the Scattered Spider cybercriminal collective was arrested last year for allegedly hacking into several companies, including two US telecom firms. According to authorities, Remington Goy Ogletree allegedly used one of the breached telecom companies to send millions of phishing texts in a wide-ranging cryptocurrency theft campaign.

A US Army soldier was also arrested last year in connection with breaches of more than a dozen telecom providers. Cameron John Wagenius, who pled guilty to several charges this summer, hacked into 15 companies and stole call logs for high-profile individuals, including President Donald Trump.

While the US government has taken steps to address cyber threats to the telecom sector, some of those efforts have run into obstacles. In January, the Trump administration disbanded the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB), which had been investigating the Salt Typhoon attacks. The CSRB had previously investigated a Chinese nation-state attack on Microsoft and issued a scathing report last year that said the breach was the result of "a cascade of security failures" at the technology giant.

More recently, Federal Communications Commission (FCC) Chair Brendan Carr announced his agency would seek to reverse an order from the previous FCC that imposed cybersecurity requirements on telecom companies.
Under the Biden administration, the FCC ruled earlier this year that such companies are legally obligated to secure their networks under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA).

However, Carr this week criticized the order, which he said "exceeded the agency's authority" and failed to effectively address current cyber threats, and said the agency would vote to overturn it next month.

About the Author

Rob Wright, Senior News Director, Dark Reading

Rob Wright is a longtime reporter and senior news director for Informa TechTarget's security team. He is based in the Boston area. |
The recent breach at Ribbon Communications, a US-based telecommunications company specializing in communications software and IP optical networking technology, represents another alarming escalation in the ongoing trend of nation-state actors targeting the telecom sector. As detailed in a Dark Reading report published on October 31, 2025, the intrusion began in December 2024, with attackers remaining undetected within the company’s network for nearly a year. This incident highlights the sustained and sophisticated threat landscape faced by critical infrastructure organizations.

Ribbon, formed through the merger of Sonus Networks and Genband in 2017, was initially identified as a prime target due to its role servicing service providers and critical infrastructure. The attackers, reportedly associated with a nation-state actor, exploited vulnerabilities within the company’s systems, leveraging access achieved through a series of cyber espionage attempts. While the exact nature of the nation-state affiliation remains undisclosed at the request of third-party partners assisting in the investigation, the incident underscores the significant risk posed by state-sponsored actors.

The discovery of the breach coincided with the company’s quarterly earnings report, triggering a swift response involving third-party cybersecurity experts and federal law enforcement. The company’s initial assessment indicates that while no material information was directly accessed or exfiltrated, several customer files saved outside the main network on two laptops were accessed, leading to notifications being sent to affected customers. This underscores the potential for attackers to utilize seemingly innocuous data repositories to gain broader network access.

The timeline of the attack—starting in December 2024—mirrors a growing pattern of sustained intrusions against telecom firms.
This trend is further supported by other recent attacks, including those conducted by Salt Typhoon, a Chinese nation-state threat group, which had previously impacted Verizon, AT&T, and Lumen. This group’s tactics, which included gaining access to law enforcement wire-tapping and surveillance systems, generated substantial concern amongst government officials and lawmakers. The attacks highlighted the critical vulnerability of telecom infrastructure to cyber espionage and the need for enhanced cybersecurity measures. Later attacks by the Scattered Spider cybercriminal collective and a US Army soldier further emphasized the breadth of threats targeting the sector.

Despite immediate containment efforts, the Ribbon Communications breach reinforces the precarious situation facing telecommunications companies. The company’s response involved not only technical remediation but also a hardening of its network defenses, demonstrating an awareness of the long-term risks associated with successful intrusion. This included an ongoing investigation and the utilization of third-party experts to confirm the extent of the intrusion. Furthermore, Ribbon’s statement reflects a common reaction—a continued commitment to partnering with cybersecurity specialists and leveraging federal law enforcement support.

The broader implications of this incident extend beyond the immediate impact on Ribbon Communications. It reinforces the vulnerability of critical infrastructure—a theme that has been repeatedly underscored by numerous cybersecurity breaches in recent years. Recent regulatory interventions, including the FCC's efforts to impose cybersecurity requirements on telecom companies, are designed to mitigate these risks, but the persistent threat from nation-state actors and sophisticated cybercriminal groups suggests that a more comprehensive and adaptable approach to cybersecurity is required.
The ongoing debate surrounding regulatory oversight and the potential for government intervention highlights the complex relationship between national security, economic competitiveness, and the protection of sensitive information. |