TZUTC: -0500
MSGID: 1647.consprcy@1:2320/105 2d6a0db6
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Telco provider used by US government and others hit by nation-state hackers

Date:
Thu, 30 Oct 2025 15:02:00 +0000

Description:
Ribbon Communications confirms breach, but says it only affected three
"smaller" clients.

FULL STORY

Ribbon Communications has confirmed it suffered a cyberattack in which it 
lost sensitive customer documents. 

In a new 10-Q form filed with the US Securities and Exchange Commission 
(SEC), the company said it became aware of the attack in early September 
2025. Subsequent investigation determined that the attack was most likely
conducted by a nation-state actor, with the goal of stealing corporate files. 

Ribbon is a major supplier of telco services and software, with customers
including Verizon, CenturyLink, and the US Defense Department, but also
smaller customers - three of which were impacted by this intrusion.

"Smaller customers" affected

The company did not want to name the victims since the investigation is
currently ongoing, but added that a total of four older files were accessed. 

The company has preliminarily determined that initial access by the threat
actor may have occurred as early as December 2024, with final determinations
dependent on completion of the ongoing investigation, the filing reads. 

As of the date of this quarterly report on Form 10-Q, we are not aware of
evidence indicating that the threat actor accessed or exfiltrated any 
material information. Several customer files saved outside of the main 
network on two laptops do appear to have been accessed by the threat actor 
and those customers have been notified by the company. 

Ribbon did not discuss the identity of the attackers, or the nation-state
behind it. It stressed that the attack most likely wont have a material 
impact despite additional costs related to the investigation and the network
strengthening efforts. 

In the filing, Ribbon also said it has brought in multiple third-party
cybersecurity experts to assist with the investigation and the forensics, and
notified relevant law enforcement agencies, as well. 

"While the investigation is ongoing, the Company believes that it has been
successful in terminating the unauthorized access by the threat actor," it
concluded. 

 Via The Register 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/telco-provider-used-by-us-government-an
d-others-hit-by-nation-state-hackers

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426