DDOS attack on Canonical and Ubuntu

Norm24 · May 1, 2026, 2:32pm

hydn · May 1, 2026, 2:42pm

Wow! Their status page shows it as well. https://status.canonical.com/ Wild!

Norm24 · May 1, 2026, 2:42pm

Going to be a long day for a lot of people!

Norm24 · May 1, 2026, 2:46pm

When there are updates they can be found here:

tkn · May 1, 2026, 4:14pm

Ah , this explains why I could not reach launchpad.net to file a bug

toadie · May 1, 2026, 4:57pm

Why the hell do people this shit?

ricmarques · May 1, 2026, 8:55pm

I’ve found the following related “PC Mag” article, published / edited today (1st May 2026) about this incident:

"Pro-Iran Hackers Hit Ubuntu’s Canonical With DDoS, Float Extortion Demand | PCMag "
https://www.pcmag.com/news/pro-iran-hackers-hit-ubuntus-canonical-with-ddos-float-extortion-demand

From that article:

" (…) The hacking group, 313 Team, also claims it was behind DDoS attacks against eBay and Bluesky. (…)

(…) The attack appears to have shut down access to Canonical’s main site and the Ubuntu.com domain, though PCMag was able to load some related pages. A pro-Iranian hacking group, the Islamic Cyber Resistance in Iraq, also known as the 313 Team, has claimed responsibility for the DDoS assault, which began on Thursday.(…)

“The attack on all Ubuntu servers remains ongoing,” the group wrote on the chat app Telegram, while issuing an extortion demand. “As a reminder, our communication channels remain open for Ubuntu to contact us so that we may agree on a ceasefire.” X appears to have suspended the group’s account since then.

Team 313 also claims to be using a relatively new DDoS-for-hire service called Beamed to target as many as 14 Ubuntu-related domains. (…)"

Norm24 · May 1, 2026, 9:23pm

Because they can. Some people (or groups of) just suck.

ericmarceau · May 2, 2026, 3:52am

Probably someone trying to steal from Canonical and hide the theft amongst the volume of crap from the attack.

Norm24 · May 3, 2026, 11:24am

The issues with launchpad are still ongoing.

https://isdown.app/status/canonical/ppa-launchpad-net

hydn · May 7, 2026, 1:15pm

For such a major incident I was hoping Canonical would put out a formal post-incident writeup.

Kind of like what Cloudflare always does: Post Mortem

lah7 · May 11, 2026, 9:07pm

On the surface, it seems things are back up, but there still seems to be some aftermath issues. My CI pipeline that uploads to a PPA, failed today with:

Checking signature on .changes
Checking signature on .dsc
Uploading to ppa (via ftp to ppa.launchpad.net):
  Uploading polychromatic_0.9.7-2~gb03a0f0~26.04.dsc: 550 Requested action not taken: internal server error
Note: This error might indicate a problem with your passive_ftp setting.
Please consult dput.cf(5) for details on this configuration option.

Uploads to 24.04 worked, just not 26.04 - it was OK yesterday though.

Same with discourse.ubuntu.com not working at times. status.canonical.com be telling pork pies.

Topic		Replies	Views
Perhaps, don't recommend the Ubuntu Discourse instance for MATE refugees MATE Desktop forums	33	218	May 13, 2026
Cve-2026-31431 [danger] General Discussions kernel , system-security , cybersecurity	21	834	May 7, 2026
Arch website and services under DDoS attack Arch Linux	8	179	August 29, 2025
SUDO CVE-2025-32462 and CVE-2025-32463 Fedora/RHEL	6	213	July 10, 2025
📣 Service notice – 12 June 2025 Our Community	7	106	July 13, 2025

DDOS attack on Canonical and Ubuntu

Related topics