Canonical’s Ubuntu web infrastructure suffered a prolonged outage after a “sustained, cross-border” DDoS campaign coincided with the public release of exploit code for a serious Linux privilege-escalation flaw. An Iran-aligned hacktivist group, 313 Team, claimed the attack via Telegram, citing use of the Beam booter/stressor service and escalating from disruption to extortion demands. While mirror networks continued serving packages, primary endpoints like ubuntu.com, security.ubuntu.com, and developer portals went dark, complicating security advisories, CVE feeds, downloads, and account access. Reports also noted a Site24x7 statuspage-style placeholder, highlighting operational fragility in incident communications.
Canonical is under attack
Ubuntu and Canonical web infrastructure was taken offline by a sustained, cross-border DDoS attack after researchers published exploit code for a severe Linux privilege-escalation vulnerability. A pro‑Iran group claimed responsibility, saying it used the Beam booter service to overwhelm Canonical’s sites; many primary Ubuntu endpoints (security.ubuntu.com, archive.ubuntu.com, ubuntu.com, developer.ubuntu.com and others) remained unreachable while mirror sites continued serving updates. The outage has hampered Canonical’s ability to publish security guidance and coordinate responses for affected servers. The incident underscores ongoing threats from DDoS‑as‑a‑service operations and the operational risk they pose to major open-source infrastructure and incident communications.
Ubuntu and Canonical's public web infrastructure has been offline for more than a day after a sustained cross-border DDoS attack that the attackers—an Iran-aligned group—claimed via Telegram. The outage has knocked out many Canonical and Ubuntu sites and services (including security.ubuntu.com, archive.ubuntu.com, ubuntu.com, and developer portals), limiting Canonical’s ability to communicate guidance after researchers published exploit code for a widespread Linux privilege-escalation bug. Mirrors continue to serve updates, but Canonical has otherwise been largely silent beyond a brief status page. The assailants reportedly used a for-hire “Beam” booter/stressor service, underscoring the persistent threat from DDoS-as-a-service operations despite long-running law-enforcement efforts. This disruption matters because it hampers incident response and security communication for a major Linux distributor.
Ubuntu and Canonical web infrastructure has been offline since Thursday after a sustained, cross-border DDoS attack claimed by a pro‑Iran group using the Beam stressor service. The outage has taken down many Canonical and Ubuntu endpoints—security.ubuntu.com, archive.ubuntu.com, ubuntu.com, developer sites and CVE/notice APIs—though mirror updates stayed available. The disruption follows public release of exploit code for a critical vulnerability that lets untrusted users gain root on Ubuntu servers, amplifying the incident’s urgency. Canonical acknowledged the attack on its status page but has otherwise been quiet while working to restore services. The outage affects OS updates, security feeds and developer resources, raising concerns for admins and downstream projects that depend on Ubuntu infrastructure.
A pro-Iran hacktivist crew is claiming responsibility for a distributed denial-of-service campaign that has taken ubuntu.com and related Canonical services intermittently offline while demanding payment, turning a DDoS into an extortion shakedown. Canonical — the UK-based company behind Ubuntu and the Snap store — reported outages and slow responses affecting user updates and downloads, prompting user reports of snap refresh failures. The motive is unclear; observers suggest Ubuntu was a target of opportunity because of its visibility in the tech community and Canonical’s Western ties. The incident matters because it disrupts widely used open-source infrastructure, raises supply-chain concerns for developers and enterprises, and underscores DDoS-as-extortion trends.
Canonical confirmed its web infrastructure is under a sustained cross-border DDoS attack by pro‑Iran hacktivist group 313 Team, leaving ubuntu.com and multiple subdomains inaccessible for over 12 hours. The group claimed responsibility via Telegram and shifted from activism to extortion, warning Canonical to contact them using a Session Contact ID or face continued disruption. Some services such as the Archive and Discourse pages remain available, but users cannot download distributions or log into Canonical accounts through the primary site. Canonical says teams are working to restore full availability and will post updates; the motive is unclear beyond Ubuntu's prominence. The incident underscores ongoing DDoS threats to major open‑source infrastructure and supply‑chain exposure risks.
Canonical's Ubuntu web infrastructure has been hit by a sustained DDoS attack claimed by pro‑Iran hacktivist group 313 Team, leaving ubuntu.com and many subdomains returning 503 errors for more than 12 hours. The attackers announced the strike on Telegram and escalated from activism to extortion, telling Canonical to contact them or face continued disruption; Canonical confirmed the outage and said teams are working to restore services. The incident blocks downloads and account logins for Ubuntu users, underscores risks to major open source project infrastructure, and highlights growing use of DDoS as both geopolitical signaling and criminal shakedown against prominent tech targets.
Canonical confirmed its web infrastructure is under a sustained cross-border DDoS attack that has left ubuntu.com and many subdomains returning 503 errors for over 12 hours. A pro-Iran hacktivist group calling itself the Islamic Cyber Resistance in Iraq – 313 Team claimed responsibility, initially scheduling a short-lived campaign via Telegram and then escalating with an extortion demand, telling Canonical to contact them or face continued disruption. The outage prevents users from downloading Ubuntu releases and accessing Canonical accounts; some services such as Archive and Discourse remain available. Canonical says its teams are working to restore services and will post updates. The incident highlights risks to major open-source infrastructure and the convergence of hacktivism and criminal extortion.
Ubuntu.com is reportedly down: visitors are encountering a placeholder/statuspage template instead of the public site, showing untranslated template variables and staging notices. The broken page references Site24x7 statuspage components and cookie consent text, indicating a failure to serve the production site or a misconfiguration in a status/statuspage integration. This matters because Ubuntu.com is Canonical’s primary web presence for downloads, support, and enterprise information; prolonged downtime can disrupt developers, enterprise users, and mirror/download access and raise concerns about web ops and incident management for a major open-source OS vendor. Canonical’s engineering and incident-response teams should investigate DNS, CDN, deployment pipelines, or statuspage misconfigurations to restore normal service.