US telecommunications giant Ribbon has admitted in an official document that government-backed hackers had access to its network for almost a year before being arrested.
The major telecommunications company said in its 10th quarter disclosure document filed with the U.S. Securities and Exchange Commission last week that in December 2024, “a suspected nation-state actor had access to its IT network.” Ribbon has notified law enforcement and said it believes the hacker is no longer within its network.
Headquartered in Texas, Ribbon provides telephone, networking and Internet services to businesses, businesses and critical infrastructure organizations such as energy and transportation systems. The company counts hundreds of companies as customers, including Fortune 500 companies and government agencies such as the Department of Defense.
Reuters, which first reported the news of the breach, said three of Ribbon’s customers are known to be affected, but the companies were not named.
It’s unclear whether the hackers exfiltrated personally identifiable information or other sensitive data from corporate customers in the breach, but the company noted in its filing that “several customer files stored on two laptops outside of the main network appear to have been accessed by the threat actor.” Ribbon said it has notified affected customers.
Ribbon is the latest in a string of telecommunications providers to be hacked over the past two years, but the company did not immediately say which government it believed was behind the breach.
Ribbon spokeswoman Catherine Berthier did not respond to TechCrunch’s request for comment.
Chinese-backed hackers have targeted and compromised at least 200 U.S.-based companies, including phone and internet providers, in an effort to steal call records and data of U.S. government officials. Several carriers, including AT&T, Verizon, and Lumen, were confirmed to have been hacked as part of the campaign, along with cloud giants and data center providers.
Some of the companies were located outside the United States, such as in Canada.
The hacker, known as Salt Typhoon, is one of a group of Chinese-backed hackers said to be targeting the United States and its allies as part of a multiyear effort to prepare for a possible future Chinese invasion of Taiwan, U.S. officials said.
Source link
