The public-facing infrastructure of Ubuntu and Canonical suffered a distributed denial-of-service (DDoS) attack starting Thursday, April 30, causing outages to critical services used by Ubuntu users across the US and beyond [1]. The attack affected Ubuntu's security API, several Ubuntu and Canonical websites, and blocked users from updating or installing Ubuntu packages, impacting system maintenance and security updates [1].
As of Friday, May 1, the attack had persisted for around 20 hours, with disruptions ongoing at reporting time [1]. The prolonged outage frustrated users who rely on timely package updates and security feature access.
Hacktivist group The Islamic Cyber Resistance in Iraq 313 Team claimed responsibility for the assault through a post on their Telegram channel [1]. Investigators found that the attackers leveraged Beamed, a booter or stresser service available for hire to amplify the DDoS traffic and overwhelm Canonical's infrastructure [1].
Canonical officially confirmed the attack on their website. Spokesperson Lelanie de Roubaix said, "Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able" [1].
The company continues efforts to mitigate the attack and restore full functionality of their services. Users remain unable to access security APIs and package repositories normally until the disruptions subside.
The incident began on Thursday, April 30, with ongoing effects reported into Friday, May 1 [1]. Canonical has not provided a clear timeline for when all affected services will return to normal operation.