U.S. telecommunications company Ribbon Communications reported a compromise of its IT network, potentially involving hackers acting on behalf of a foreign state. The incident began in December 2024 but was only discovered nine months later, in September 2025.
Ribbon develops networking and communications solutions for telecommunications operators and critical infrastructure worldwide. The company’s clients include the U.S. Department of Defense, the Los Angeles city government and the Los Angeles Public Library, the University of Texas at Austin, as well as major telecom providers, including Verizon, BT, Deutsche Telekom, SoftBank, and TalkTalk.
In a report filed with the U.S. Securities and Exchange Commission, the company states that it learned of unauthorized access to its systems in early September. Representatives of Ribbon claim that they quickly contained the attack and blocked the intruders’ access. An investigation into the incident is ongoing, with federal law enforcement and external cybersecurity specialists already involved.
It is noted that no indications of a critical data leak have been found. Nevertheless, the company confirms that the attackers gained access to files belonging to a number of customers that were stored on two laptops outside the main network. According to Reuters sources, the affected parties include three small Ribbon customers.
Although Ribbon does not name a specific hacker group that may have been behind this attack, experts note similarities to a series of last year’s breaches of telecom companies attributed to the cyber-espionage group Salt Typhoon. At the time, CISA and the FBI warned of the compromise of numerous operators in the US and other countries, including AT&T, Verizon, Lumen, Charter, and Windstream.