Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications
October 31, 2025
A nation-state actor, likely a China-nexus one, hacked the U.S.-based technology company Ribbon Communications.
Ribbon Communications is a U.S.-based technology company that provides telecommunications and networking. Ribbon Communications employs approximately 3,052 people as of December 31, 2024. The company reported annual revenue of US $834 million in 2024.
The U.S. telecom provider disclosed a cyberattack likely by a China-nexus nation-state actor. The intrusion was discovered in September 2025, but it possibly dates back to December 2024. Threat actors gained access to some customer files stored on two laptops.
The company did not share any technical details about the intrusion.
“In early September 2025, the Company became aware that unauthorized persons, reportedly associated with a nation-state actor, had gained access to the Company’s IT network. The Company promptly initiated its incident response plan and began an investigation, containment and remediation effort using multiple third-party cybersecurity experts, including federal law enforcement. While the investigation is ongoing, the Company believes that it has been successful in terminating the unauthorized access by the threat actor.” reads the FORM 10-Q filed with the SECURITIES AND EXCHANGE COMMISSION (SEC).
“The Company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation. As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information. Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor and those customers have been notified by the Company.”
Ribbon Communications stated that the cyber incident hasn’t materially affected its finances. The investigation is ongoing, and the company continues to enhance its network security. Ribbon expects additional costs but believes they will not be significant.
Over the years, cyber security firms and intelligence experts have blamed China for conducting advanced cyberespionage campaigns against telecoms in North America, and was likely behind a recent attack on security company F5.
Pierluigi Paganini
(SecurityAffairs – hacking, China)
