Ribbon Communications Discloses Year-Long Nation-State Infiltration


American telecommunications firm Ribbon Communications has revealed a significant security incident involving a persistent year-long infiltration by nation-state hackers. This breach underscores the ongoing and sophisticated threats state-sponsored actors present to critical infrastructure providers globally.

The intrusion was discovered in September 2025, and investigations traced the initial compromise back to December 2024, indicating nearly twelve months of undetected access. While no evidence of access to “material information” or customer systems was found, the attackers accessed four older customer files on two laptops outside the main network, as detailed in Ribbon Communications’ 10-Q Quarterly Report filed with the US Securities and Exchange Commission (SEC) on October 23, 2025.

Ribbon Communications, a provider of network infrastructure to major telecom operators including Verizon, BT, Deutsche Telekom, and the US Department of Defense, has confirmed that the threat actors have been successfully removed from its network. The company is actively collaborating with federal law enforcement and external cybersecurity experts to investigate the intrusion. The three smaller customers whose files were involved have been notified of the incident.

This event aligns with a broader pattern of nation-state entities targeting telecommunications firms for espionage. Previous campaigns, such as those related to Chinese espionage in Europe, have demonstrated sophisticated tactics against telecom organizations, utilizing advanced backdoors and exploiting network device vulnerabilities. Similarly, a senior Pentagon official has warned about cyber warfare risks to joint forces, highlighting a strategic focus on technology providers for intelligence acquisition.

Ryan McConechy, CTO of Barrier Networks, commented on the extended dwell time, stating, “This latest breach against a major telecommunications provider is further evidence that the online world has become the preferred playing field for all adversaries today.” He added that the duration of the infiltration, “as long as a year before being noticed is deeply concerning,” as reported by Hackread.com, citing Reuters. McConechy suggested that such prolonged stealth could indicate techniques aimed at extensive reconnaissance.

The incident serves as a technical case study on the sophisticated and prolonged cyber espionage capabilities demonstrated by nation-state actors against critical telecommunications infrastructure.