Fast Facts
-
Nation-State Breach: Ribbon Communications, a US telecom firm, revealed a cyberattack that exposed its network for nearly a year, attributed to nation-state actors, raising alarms in cybersecurity circles.
-
Incident Response: The breach was detected in early September 2024, prompting Ribbon to initiate its incident response plan with federal and third-party cybersecurity support, although no significant information loss is reported.
-
Ongoing Cyber Threats: The attack on Ribbon follows several high-profile breaches targeting US telecom companies, indicating a persistent threat, particularly from the Chinese nation-state group, Salt Typhoon.
- Regulatory Challenges: Despite government efforts to enhance telecom security, regulatory hurdles persist, with recent moves to abolish existing cybersecurity measures impacting the industry’s ability to combat cyber threats effectively.
[gptAs a technology journalist, write a short news story divided in two subheadings, at 12th grade reading level about ‘Ribbon Communications Breach Marks Latest Telecom Hack’in short sentences using transition words, in an informative and explanatory tone, from the perspective of an insightful Tech News Editor, ensure clarity, consistency, and accessibility. Use concise, factual language and avoid jargon that may confuse readers. Maintain a neutral yet engaging tone to provide balanced perspectives on practicality, possible widespread adoption, and contribution to the human journey. Avoid passive voice. The article should provide relatable insights based on the following information ‘
Yet another US telecommunications firm has fallen victim to a nation-state cyberattack.
In its quarterly earnings report last week, Ribbon Communications disclosed that its network had been breached and that cyberattackers had lurked in the company’s environment for almost a year. The breach marks the latest in a string of attacks against US telecom firms, which have alarmed the cybersecurity community as well as government officials.
Ribbon, based in Plano, Texas, specializes in communications software and IP optical networking technology for service providers and critical infrastructure organizations. The company was formed in 2017 following the merger of Sonus Networks and Genband.
Nation-State Hackers Take Aim at Telcos Again
In its 10-Q filing with the US Securities and Exchange Commission on Oct. 23, Ribbon said it first detected the intrusion in early September and promptly initiated its incident response plan, with assistance from several third-party cybersecurity organizations and federal law enforcement.
“The Company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation,” the 10-Q form stated. “As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information. Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor and those customers have been notified by the Company.”
The attackers were “reportedly associated with a nation-state actor,” according to the 10-Q filing. It’s unclear who made the association to nation-state actors. A Ribbon spokesperson tells Dark Reading that the company cannot disclose that information at the request of the third parties the company is working with.
Ribbon also said it believes that the attackers’ access has been cut off, and that the attack has not had a material impact on the company.
The company provided the following statement to Dark Reading.
“Ribbon prides itself on our long-standing partnerships with our customers and we know that security is a paramount concern within their networks. While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this,” Ribbon said in the statement. “We have also taken steps to further harden our network to prevent any future incidents. Our investigation remains on-going, and we will provide any material updates as warranted.”
One Data Breach After Another for Telecom Sector
The attack on Ribbon follows several notable breaches of US firms, as well as telecom companies in other countries, in recent years. The most notable of these attacks were committed by Salt Typhoon, a Chinese nation-state threat group focused on cyberespionage.
The attacks, which first came to light in 2024, impacted several telecom and ISP providers such as Verizon, AT&T, and Lumen. The access achieved by Salt Typhoon actors, which included the telcos’ law enforcement request systems for wire-tapping and surveillance, sparked deep concern among government officials and lawmakers and led to efforts to bolster security for such companies.
However, more Salt Typhoon attacks came to light this year. And nation-state threat actors aren’t the only ones taking aim at telecom companies.
For example, a teenager accused of being a member of the Scattered Spider cybercriminal collective was arrested last year for allegedly hacking into several companies, including two US telecom firms. According to authorities, Remington Goy Ogletree allegedly used one of the breached telecom companies to send millions of phishing texts in a wide-ranging cryptocurrency theft campaign.
A US Army soldier was also arrested last year in connection with breaches of more than a dozen telecom providers. Cameron John Wagenius, who pled guilty to several charges this summer, hacked into 15 companies and stole call logs for high-profile individuals, including President Donald Trump.
While US government has taken steps to address cyber threats to the telecom sector, some of those efforts have run into obstacles. In January, the Trump administration disbanded the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Safety Review Board (CSRB), which had been investigating the Salt Typhoon attacks. The CSRB had previously investigated a Chinese nation-state attack on Microsoft and issued a scathing report last year that said the breach was the result of “a cascade of security failures” at the technology giant.
More recently, Federal Communications Commission (FCC) Chair Brendan Carr announced his agency would seek to reverse an order from the previous FCC that imposed cybersecurity requirements on telecom companies. Under the Biden administration, the FCC ruled earlier this year that such companies are legally obligated to secure their networks under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA).
However, Carr this week criticized the order, which he said “exceeded the agency’s authority” and failed to effectively address current cyber threats, and said the agency would vote to overturn it next month.
‘. Do not end the article by saying In Conclusion or In Summary. Do not include names or provide a placeholder of authors or source. Make Sure the subheadings are in between html tags of
[/gpt3]
Continue Your Tech Journey
Explore the future of technology with our detailed insights on Artificial Intelligence.
Access comprehensive resources on technology by visiting Wikipedia.
CyberRisk-V1
