Government hackers hacked telecom giant Ribbon for several months before they were caught

US telecoms giant Ribbon has confirmed that government-backed hackers had access to its network for about a year before they were caught, according to a public filing.

The telecom giant said in a 10-Q filing last week with the U.S. Securities and Exchange Commission that a “suspected nation-state actor gained access to the company’s IT network” as early as December 2024. Ribbon said it had notified law enforcement and that it believed the hackers were no longer present in its network.

Headquartered in Texas, Ribbon provides telephone, network and Internet services to businesses, enterprises and critical infrastructure organizations, such as energy and transportation systems. The company counts hundreds of companies as clients, including Fortune 500 companies and government agencies, such as the Department of Defense.

Reuters was the first to report news of the hack.

Ribbon spokeswoman Catherine Berthier confirmed that three Ribbon customers are known to be affected, but declined to name the affected companies, citing confidentiality.

It’s not clear whether the hackers leaked any individuals’ personally identifiable information or other sensitive data from its corporate customers in the breach, but the company noted in the filing that “several customer files saved outside the main network on two laptops appear to have been accessed by the threat actor.” Ribbon said it has notified affected customers.

Ribbon is the latest in a series of telecom providers that have been hacked over the past two years, but they did not immediately attribute the hack to a specific government, when asked by TechCrunch.

Berthier declined to provide additional information when asked by TechCrunch, citing the company’s ongoing investigation.

China-backed hackers have previously targeted at least 200 US-based companies, including phone and internet service providers, in an attempt to steal the phone records and contact data of senior US government officials. Several telecommunications companies, including AT&T, Verizon and Lumen, have been confirmed to have been compromised as part of the campaign, along with cloud giants and data center providers.

Some companies were located outside the United States, including Canada.

The hackers, known as Salt Typhoon, are one of several Chinese-backed hacking groups said to be targeting the United States and its allies as part of a multi-year effort to prepare for an expected future Chinese invasion of Taiwan, according to US government officials.

Updated with comment from Ribbon.