A nation-state cyberattack compromised Ribbon Communications’ IT network, potentially affecting multiple government and telecom clients. The breach, linked in pattern to China’s Salt Typhoon group, highlights ongoing threats to critical infrastructure. #SaltTyphoon #TelecomBreaches
Keypoints
- Ribbon Communications detected unauthorized access from a nation-state actor starting in December 2024.
- The breach was discovered in September 2025, with ongoing investigations into the extent of the compromise.
- Attackers accessed files on laptops outside Ribbon’s main network, affecting several customer organizations.
- The incident bears similarities to previous telecom breaches linked to China’s Salt Typhoon hacking group.
- Ribbon is collaborating with cybersecurity and federal agencies to mitigate the impact and strengthen defenses.