Pro-Iran Hacktivist Group Launches DDoS Attack on Canonical's Ubuntu Infrastructure

Pro-Iran Hacktivist Group Launches DDoS Attack on Canonical's Ubuntu Infrastructure

First seen 1 May 2026, 12:03 UTC TheregisterCybersecuritynewsLxerTechcrunchaskubuntu.com+8 90% similarity 72.0

Article Content

Browse articles
ThreatCluster

On April 30, 2026, a coordinated DDoS attack targeted Canonical, the company behind the Ubuntu Linux distribution, disrupting its web infrastructure and preventing users from accessing updates. The attack was claimed by a hacktivist group known as The Islamic Cyber Resistance in Iraq, or 313 Team, which announced the assault via their Telegram channel. The attack has resulted in widespread outages, affecting Canonical's main website and several subdomains, with users unable to download or update Ubuntu. The attackers reportedly utilized a DDoS-for-hire service called Beamed, capable of launching attacks exceeding 3.5 Tbps. As of May 1, 2026, the attack has persisted for over 20 hours, with Canonical working to restore services. The group has also indicated a shift towards extortion, threatening continued attacks unless demands are met. This incident highlights vulnerabilities in open-source systems and the risks posed by DDoS-for-hire services.

Key Points: • A pro-Iran hacktivist group launched a DDoS attack on Canonical's infrastructure. • The attack disrupted Ubuntu updates and affected multiple Canonical services. • The attackers are using a DDoS-for-hire service, indicating a shift towards extortion.

ThreatCluster AI

Timeline

2026-04-30
DDoS attack on Canonical's infrastructure begins
2026-04-30
Canonical confirms ongoing service disruptions
2026-05-01
Attack continues for over 20 hours with no resolution

Community

Browse all →