DDoS Attack Hits Ubuntu Website & Canonical Web Services

Canonical, the company behind the Ubuntu Linux distribution, is currently experiencing widespread service disruptions across its core web infrastructure. These outages follow a coordinated Distributed Denial-of-Service (DDoS) attack.

The hacktivist group identifying itself as “The Islamic Cyber Resistance in Iraq – 313 Team” has claimed responsibility for the offensive, marking one of the most significant attacks against open-source infrastructure in recent memory.

Widespread Outages Across Critical Services

According to Canonical’s official status page, more than a dozen services and domains have been reported as Down, spanning developer tools, security APIs, and public-facing portals. The affected components include:

• ubuntu.com and canonical.com
• security.ubuntu.com
• archive.ubuntu.com
• developer.ubuntu.com
• blog.ubuntu.com
• portal.canonical.com
• assets.ubuntu.com
• academy.canonical.com
• jaas.ai and maas.io
• Ubuntu Security API – CVEs
• Ubuntu Security API – Notices

The disruption of Ubuntu Security API – CVEs and Ubuntu Security API – Notices is particularly concerning, as these endpoints are relied upon by system administrators, patch management tools, and security automation pipelines worldwide to fetch vulnerability data and security advisories in real time.

Hacktivist Group Claims Responsibility

Threat intelligence account Vecert Analyzer flagged the incident on X (formerly Twitter), issuing a critical alert describing it as a “massive attack against open-source infrastructure.”

The post confirmed that the DDoS offensive was targeting Ubuntu’s primary servers and had resulted in a total disruption of the platform’s web and technical services.

The 313 Team, which presents itself under an Islamist hacktivist banner, has been known to conduct politically motivated cyberattacks against Western and technology-linked targets.

While DDoS attacks do not involve data exfiltration or system compromise, the sustained takedown of critical open-source services carries significant operational impact for the global developer and security community.

Ubuntu remains one of the world’s most widely deployed Linux distributions, with a massive user base spanning cloud providers, enterprise environments, and individual developers.

The unavailability of archive.ubuntu.com disrupts package installations and system updates, while the outage of security-related APIs could delay automated patching workflows for organizations dependent on Ubuntu’s security feed infrastructure.

As of this writing, Canonical has acknowledged the outages via its status page, though no official statement attributing the cause to the DDoS campaign has been published. Ubuntu’s official X account has also acknowledged the incident.

Security teams relying on Ubuntu’s CVE and advisory APIs are advised to implement fallback data sources, such as the NVD or OSV, until services are fully restored.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.