Ubuntu and Canonical servers offline over 24 hours after cross-border cyberattack

Servers operated by Ubuntu and its parent company Canonical were knocked offline Thursday morning and remained down for more than a day, disrupting normal operations and communications ^[1]. Attempts to access most Ubuntu and Canonical webpages and to download operating system updates from Ubuntu servers failed over the past 24 hours, while mirror sites continued to function normally ^[1].

Canonical acknowledged the outage on its status page, stating, "Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it" ^[1]. The company attributed the disruption to a distributed denial-of-service (DDoS) attack using Beam, a stressor service designed to disable third-party sites ^[1].

A group sympathetic to the Iranian government claimed responsibility for the attack, which followed the recent botched disclosure of a major Ubuntu vulnerability that complicated communication efforts ^[1]. The same pro-Iranian group had previously taken credit for DDoS attacks against eBay, suggesting a pattern of cross-border cyber disruptions ^[1].

While Canonical's core web infrastructure remained offline, mirror sites for Ubuntu updates were unaffected and continued to operate normally, offering users a temporary workaround during the outage ^[1].

As of today, May 5, Canonical staff are actively working to restore services and mitigate the attack’s impact ^[1]. No specific timeline for full restoration was provided.