Government hackers infiltrated Ribbon Communications and had access to the Pentagon supplier’s networks for almost a year

Ribbon Communications officially announced that in September 2025, it discovered unauthorized access to its IT network, allegedly carried out by a state-owned group.

According to preliminary data, the initial penetration could have occurred as early as December 2024.

Key facts:

1. Access was allegedly gained by state-owned APT actors;

2. the penetration lasted up to a year;

3. the company’s internal network was compromised;

4. no evidence of customer systems being compromised has been found so far;

5. several files on individual laptops were nevertheless viewed;

6. three customers have been warned, their names are not being disclosed.

The company says that it has eliminated the attackers, involved federal services and external cyber experts, and has also strengthened protective measures.

Ribbon Communications is one of the key suppliers of network systems for critical infrastructure and corporations in the US and the world.

Clients include:

• Verizon, AT&T, Comcast, BT, Deutsche Telekom

• Bank of America, JPMorgan Chase, Wells Fargo

• US Department of Defense, City of Los Angeles, University of Texas

Earlier this month, Ribbon partner F5 Networks also suffered its own government hack.

China has denied involvement, while calling the US the “number one hacking nation.” The attack on Ribbon highlights a growing trend: state hackers are targeting not just governments but also critical infrastructure providers as entry points into the networks of critical organizations. The full extent of the impact will be clear once the investigation is complete, but the incident is already raising national security concerns.