- Telcos around the world are suffering cyberbreaches
- But vendors, like any other major enterprise outfit, are also being targeted
- Optical system vendor Ribbon Communications has been hacked, it admitted in an SEC filing
While much of the telecom sector’s cybersecurity focus is on network operators and their precious customer data, their tech suppliers are also being targeted by bad actors, with Plano, Texas-based optical and IP networking system developer Ribbon Communications a recent example.
In its 10-Q filing with the Securities and Exchange Commission (SEC) that details its third quarter financial performance, the vendor admitted it has been hacked by “unauthorized persons, reportedly associated with a nation-state actor,” which is believed to be a reference to China.
It seems the hackers have been sitting quietly in Ribbon’s IT systems for almost a year.
The report of the hack is tucked away on page 57 of the 10-Q filing under the sub-heading “Cybersecurity Incident Disclosure”. The company notes that in mid-September this year, it “preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation. As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information,” noted Ribbon.
However, “several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor,” it added.
Ribbon has not supplied details of the customers affected nor of what the compromised files contained.
The company’s customers include the likes of BT, Bharti Airtel, Lumen Technologies, Deutsche Telekom, Softbank, and Verizon, as well as US government and military agencies.
As a direct result of the incident, Ribbon “expects to incur additional costs in the fourth quarter of 2025 associated with its continued investigation into this incident, and in network strengthening efforts, however, the Company does not currently expect such costs to be material.”
No technical details have been provided of how the incident happened and why it was eventually discovered.
Commenting on the hack, Pete Renals, director of national security programs at cybersecurity vendor Palo Alto Networks, told Reuters: “Advanced nation-state actors are increasingly targeting networking and IT service companies that provide key services to government and critical infrastructure organisations. In many cases, their primary goal is to establish long-term persistence within these networks to enable global espionage.”
He believes Ribbon is a target for state-sponsored hackers because of its many links to the US government, military and major telecom and energy companies. He added: “This central role as a supplier to sensitive government and infrastructure clients makes Ribbon a lucrative target for state-aligned actors, particularly from China and Russia.”
The report of the cyber breach accompanied Ribbon’s third quarter financials. The vendor reported revenues of $215m, up 2% year on year, while adjusted EBITDA was essentially flat at $29m.
Bruce McClelland, Ribbon’s president and CEO, noted that the company “delivered solid results in the third quarter, with sales growing 2% year over year… IP Optical Networks sales grew 11% year over year in the quarter with strong growth in EMEA and India. Cloud & Edge sales year to date have increased more than 8% with sales to Global Service Providers continuing to grow. The recent US Federal Government shut down had a minor impact on our Cloud & Edge third quarter results and creates a near-term timing issue on new purchases, but related voice modernisation projects are continuing to progress. More broadly, we believe that our momentum remains strong as evidenced by the expanding number of customers initiating Network Transformation programs and continued growth in our IP Optical Networks segment,” he added.
The CEO also noted he is “excited about our innovation pipeline. During the third quarter, we announced the launch and initial deployment of our Acumen AIOps platform with a leading US service provider. Acumen is a powerful new AIOps and automation platform designed to help service providers and enterprises navigate the complexities of today's challenging operational environment and accelerate their transition to autonomous networks. Beyond AIOps, our Cloud & Edge portfolio is becoming increasingly strategic to our customers as they bring voice-enabled Agentic AI capabilities to their offerings including some of the largest global technology and software companies.”
Let’s hope that progress isn’t hampered by the cyberbreach and any fallout from the incident.