★ 7/10 · General · 2026-05-01

Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

Canonical's web infrastructure is currently experiencing a sustained, cross-border Distributed Denial of Service (DDoS) attack. The attack, claimed by the 313 Team, has disrupted access to Ubuntu.com and several...

Captured 2026-05-01 11:05

Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down

Summary

Canonical's web infrastructure is currently experiencing a sustained, cross-border Distributed Denial of Service (DDoS) attack. The attack, claimed by the 313 Team, has disrupted access to Ubuntu.com and several subdomains, transitioning from a hacktivist action into an extortion attempt.

Key Points

  • The attack is being executed by the 313 Team (The Islamic Cyber Resistance in Iraq).
  • The DDoS attack is causing HTTP 503 (Service Unavailable) errors on the primary Ubuntu.com domain and various subdomains.
  • While the main website and several subdomains are offline, the Ubuntu Archive and Discourse pages remain operational.
  • The attack has transitioned from a scheduled four-hour disruption to an indefinite period of service unavailability linked to an extortion demand.
  • The attackers have requested communication via a specific Session Contact ID provided through email.

Technical Details

The attack is characterized as a sustained, cross-border Distributed Denial of Service (DDoS) targeting Canonical's web infrastructure. The primary technical symptom is the return of HTTP 503 errors, indicating that the web servers or the edge infrastructure (such as load balancers or reverse proxies) are unable to process the volume of incoming traffic, leading to service exhaustion.

While the primary Ubuntu.com domain and account login services are currently unavailable, certain critical subdomains, specifically the Ubuntu Archive and Discourse pages, have maintained availability. The attack has moved beyond a simple disruption of service and now involves an extortion component, where the attackers are leveraging the ongoing service unavailability to demand a ransom.

Impact / Why It Matters

Developers and system administrators are currently unable to download Ubuntu distribution images through standard web channels or access Canonical accounts. This disruption prevents the provisioning of new environments and the management of services that rely on the Ubuntu.com web interface.

security DDoS Ubuntu infrastructure

↳ Sources