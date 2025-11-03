erek
“US Cybersecurity and Infrastructure Security Agency (CISA) spokesperson Marci McCarthy confirmed to The Register that "CISA is aware of Ribbon Communications' disclosure today involving an incident with the company's IT network," and directed any questions about the incident and response to the company.
Ribbon provides communications software and IP Optical networking gear to major service providers including BT, Verizon, Lumen Technologies (formerly CenturyLink), Deutsche Telekom, SoftBank, TalkTalk, and Tata, along with government agencies such as the US Department of Defense, and local governments including the City of Los Angeles, California.
This makes it a high-value target for government-backed snoops looking to attack a carrier network and then use that access to break into its customers' environments. And, at least with the limited amount of detail we have about the intrusion, it sounds similar to recent Salt Typhoon intrusions.
This China-linked espionage crew famously hacked America's major telecommunications firms and government agencies, then stole information belonging to nearly every American. The Salt Typhoon hacks began around 2019, but US authorities did not uncover them until late 2024.
At the time, T-Mobile's US security boss told The Register that the Salt Typhoon cyber-spies hopped between organizations' networks in a way he'd never seen before.
"The technique that was used to go from one telecommunications infrastructure to another, I would say, is novel," T-Mo Chief Security Officer Jeff Simon told us late last year. "That's not something that I've seen in my 15-plus-year career in cybersecurity. It's not something that is well published or read about. There's no CVE for it." ®”
Source: https://www.theregister.com/2025/10/29/major_telco_networking_provider_compromised/
