TZUTC: -0500   
   MSGID: 1647.consprcy@1:2320/105 2d6a0db6   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Telco provider used by US government and others hit by nation-state hackers   
      
   Date:   
   Thu, 30 Oct 2025 15:02:00 +0000   
      
   Description:   
   Ribbon Communications confirms breach, but says it only affected three   
   "smaller" clients.   
      
   FULL STORY   
      
   Ribbon Communications has confirmed it suffered a cyberattack in which it    
   lost sensitive customer documents.    
      
   In a new 10-Q form filed with the US Securities and Exchange Commission    
   (SEC), the company said it became aware of the attack in early September    
   2025. Subsequent investigation determined that the attack was most likely   
   conducted by a nation-state actor, with the goal of stealing corporate files.    
      
   Ribbon is a major supplier of telco services and software, with customers   
   including Verizon, CenturyLink, and the US Defense Department, but also   
   smaller customers - three of which were impacted by this intrusion.   
      
   "Smaller customers" affected   
      
   The company did not want to name the victims since the investigation is   
   currently ongoing, but added that a total of four older files were accessed.    
      
   The company has preliminarily determined that initial access by the threat   
   actor may have occurred as early as December 2024, with final determinations   
   dependent on completion of the ongoing investigation, the filing reads.    
      
   As of the date of this quarterly report on Form 10-Q, we are not aware of   
   evidence indicating that the threat actor accessed or exfiltrated any    
   material information. Several customer files saved outside of the main    
   network on two laptops do appear to have been accessed by the threat actor    
   and those customers have been notified by the company.    
      
   Ribbon did not discuss the identity of the attackers, or the nation-state   
   behind it. It stressed that the attack most likely wont have a material    
   impact despite additional costs related to the investigation and the network   
   strengthening efforts.    
      
   In the filing, Ribbon also said it has brought in multiple third-party   
   cybersecurity experts to assist with the investigation and the forensics, and   
   notified relevant law enforcement agencies, as well.    
      
   "While the investigation is ongoing, the Company believes that it has been   
   successful in terminating the unauthorized access by the threat actor," it   
   concluded.    
      
    Via The Register    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/telco-provider-used-by-us-government-an   
   d-others-hit-by-nation-state-hackers   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426