Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
- Reference: 1777633559
- News link: https://www.theregister.co.uk/2026/05/01/canonical_confirms_ubuntu_infrastructure_under/
"I can confirm that Canonical's web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack," a Canonical spokesperson told The Register.
"Our teams are working to restore full availability to all affected services. We will provide updates in our official channels as soon as we are able to."
Canonical is best known for managing the development of Ubuntu. The distro's main website is down at the time of writing, and has been for several hours.
The hacktivist group [4]The Islamic Cyber Resistance in Iraq, aka 313 Team, claimed responsibility for the 503 errors Ubuntu's website was returning on Thursday evening, announcing via its [5]Telegram channel that the attack was scheduled to persist for four hours.
More than 12 hours later, the attack continues to disrupt Ubuntu's main website and many of its subdomains, although some, including its Archive and Discourse pages, remain up and running.
[6]Feds disrupt monster IoT botnets behind record-breaking DDoS attacks
[7]Iran's cyberwar has begun
[8]Polish cops bust alleged teen DDoS kit sellers – youngest just 12
[9]DDoS deluge: Brit biz battered as botnet blitzes break records
313 Team sent a follow-up message to its Telegram group, directed at Canonical, which indicates the group is veering away from hacktivism and toward full-on extortion: "There is a simple way out. We have emailed you with our Session Contact ID. If you fail to reach out, we will continue our assault. You are in an awful position, don't be foolish."
The service disruption at [10]Ubuntu means users cannot download any versions of its distros through the usual channels, nor can they log into their Canonical accounts.
Canonical promised to provide regular updates when it has new information to share.
313 Team has claimed responsibility for similar DDoS attacks on the likes of eBay's Japan and US divisions, as well as BlueSky, in the past month alone.
Why the group is targeting London-based Canonical remains unclear and no reason was given via its Telegram channel. It is presumably because Ubuntu is one of the most popular Linux distros. ®
[4] https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/#:~:text=313%20Team%20(Islamic%20Cyber%20Resistance%20in%20Iraq)%2C%20is%20an%20active%20pro%2DIranian%20hacktivist%20cell
[5] https://www.theregister.com/2025/05/28/telegram_takes_300m_xai_cash/
[6] https://www.theregister.com/2026/03/20/botnet_disruption/
[7] https://www.theregister.com/2026/03/02/cyber_warfighters_iran/
[8] https://www.theregister.com/2026/03/10/poland_ddos_teens_bust/
[9] https://www.theregister.com/2026/02/06/uk_climbs_up_ddos_hit/
[10] https://www.theregister.com/2026/04/24/ubuntu_resolute_raccoon/
disturbing timing
given the recently disclosed privilege escalation vulnerability in the Linux kernel. bad time to be unable to access your distro’s guidance.
https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/
Re: disturbing timing
You can just get a kernel from kernel.org and compile it yourself.
Wouldn't it make more sense for them to go after Palantir?????
or Microsoft? Or Oracle, or ??? Ubuntu what are they thinking. My only thought is Ubuntu is big, but not so big that they can do a successful attack.
I'm confused why...
....the only thing I can think of is it's registered in the UK. Unless it's a smokescreen for a different attack.
Re: I'm confused why...
That's what I'm thinking as well. Any target company running Ubuntu on their devices is probably ALSO under attack right now via unpatched vulns. While the patch mirrors are probably still up, since there's more than just a few of those, the instructions for patching out the attacked vulnerability aren't available.
Luckily the instructions are (as usual) "update to latest security release using known good mirrors".
Re: I'm confused why...
> registered in the UK
Excuuuuuuuse me.
Canonical Ltd
1 Circular Road
Douglas, Isle Of Man
IM1 1AF
Not in the UK at all. About 100km across the sea from the nearest bits of the UK, in fact.
Although on a clear day, from here in the office of the Irish Sea wing of Vulture Towers -- 600 metres from the official Canonical address -- I can see the hilltops of the Lake District.
Today is _not_ a clear day.
Would it not be a plan to have spare domains?
Relying on one seems unwise.
Re: Would it not be a plan to have spare domains?
It wouldn't make a difference. They're not attacking resolution of a domain. They're attacking the multiple servers serving that domain, including some targeted subdomains. The solution is more servers, and you could easily have those serving one domain anyway, but more servers is expensive and Canonical wants to be efficient.
archive was down
Unsure for how long but for me at least a couple of hours yesterday, I was assuming due to lots of folks trying to patch the kernel bug. It stabilized eventually well enough to get my aptly mirror to fully sync. Stumbled upon the Ubuntu status page and saw all the red, last I noticed last night they had 16 sites in major outage still.
During the 2 or 3 hours I noticed it, aptly was saying timeout for http headers, manually testing showed it taking about 30 seconds to process a request.
Another similar situation a few months back again a kernel package thing, though in that case I think it was just somehow that one package, which was a huge file was timing out for hours.
The least impolite thing I can say about these hackers is that they are complete and total scumbags.