*

Hackers accessed Ribbon's network in December 2024

*

Three customers impacted, according to ongoing

investigation

*

Ribbon's breach part of broader trend targeting telecom

firms

By AJ Vicens

Oct 29 (Reuters) - Hackers working for an unnamed

nation-state breached networks at Ribbon Communications ( RBBN )

, a key U.S. telecommunications services company, and

remained within the firm's systems for nearly a year without

being detected, a company spokesperson confirmed in a statement

on Wednesday.

Ribbon Communications ( RBBN ), a Texas-based company that provides

technology to facilitate voice and data communications between

separate tech platforms and environments, said in its October 23

10-Q filing with the Securities and Exchange Commission that the

company learned early last month that people "reportedly

associated with a nation-state actor" gained access to the

company's IT network, with initial access dating to early

December 2024.

The hack has not been previously reported. It is perhaps the

latest example of technology companies that play a critical role

in the global telecommunications ecosystem being targeted as

part of nation-state hacking campaigns.

Ribbon did not identify the nation-state actor, or disclose

which of its customers were affected by the breach, but told

Reuters in the statement that its investigation has so far

revealed three "smaller customers" impacted.

"While we do not have evidence at this time that would

indicate the threat actor gained access to any material

information, we continue to work with our third-party experts to

confirm this," a Ribbon spokesperson said in an email. "We have

also taken steps to further harden our network to prevent any

future incidents."

The company reported to the SEC that "several customer

files saved outside of the main network on two laptops do appear

to have been accessed by the threat actor." The spokesperson

declined to elaborate on "customer files" but said there were a

total of four "older files."

There is no evidence to date that the incident would give

hackers access to customer systems and the company was not aware

of any government customers being impacted, the spokesperson

said.

Ribbon's technology facilitates real-time voice and data

communications, allowing voice calls to join Web-based

conference calls, for example.

Chinese-linked hackers had previously targeted a host of U.S.

and global telecommunications companies and a U.S. state's Army

National Guard network in a wide-ranging and years-long

cyberespionage campaign tracked as Salt Typhoon, first revealed

in September 2024.

More recently, it emerged that Chinese hackers had infiltrated

cybersecurity company F5, which provides software and products

that help customers direct, manage and filter internet traffic.

The Chinese embassy in Washington did not immediately

respond to a request for comment. China has previously denied

U.S. allegations of hacking.

The FBI did not immediately respond to a request for comment,

citing the ongoing federal government shutdown. The

Cybersecurity and Infrastructure Security Agency and Defense

Department did not immediately respond to a request for comment.

Ribbon Communications ( RBBN ) lists on its website customers around

the world including BT, Verizon, CenturyLink , Deutsche

Telekom, SoftBank Group , TalkTalk and Tata.

Government clients include the U.S. Defense Department, the

University of Texas at Austin, the City of Los Angeles and the

Los Angeles Public Library, according to the website.

"Unit 42 continues to see advanced nation-state actors

increasingly targeting networking and IT service companies that

provide key services to government and critical infrastructure

organizations," said Pete Renals, director of national security

programs for Unit 42 at Palo Alto Networks ( PANW ). "In many cases,

their primary goal is to establish long-term persistence within

these networks to enable global espionage."

Ribbon Communications ( RBBN ) is a "prime example" of this trend,

Renals said, given its relationships with U.S. military and

major organizations in the telecommunications and energy sectors

in multiple countries.

"This central role as a supplier to sensitive government

and infrastructure clients makes Ribbon a lucrative target for

state-aligned actors, particularly from China and Russia,"

Renals said.