Pro-Iran Hacktivist Group Launches DDoS Attack on Canonical's Ubuntu Infrastructure

Severity: High (Score: 72.0)

Sources: Mezha, www.itsecuritynews.info, www.theregister.com, Theregister, Cybersecuritynews

Summary

On April 30, 2026, a coordinated DDoS attack targeted Canonical, the company behind the Ubuntu Linux distribution, disrupting its web infrastructure and preventing users from accessing updates. The attack was claimed by a hacktivist group known as The Islamic Cyber Resistance in Iraq, or 313 Team, which announced the assault via their Telegram channel. The attack has resulted in widespread outages, affecting Canonical's main website and several subdomains, with users unable to download or update Ubuntu. The attackers reportedly utilized a DDoS-for-hire service called Beamed, capable of launching attacks exceeding 3.5 Tbps. As of May 1, 2026, the attack has persisted for over 20 hours, with Canonical working to restore services. The group has also indicated a shift towards extortion, threatening continued attacks unless demands are met. This incident highlights vulnerabilities in open-source systems and the risks posed by DDoS-for-hire services. Key Points: • A pro-Iran hacktivist group launched a DDoS attack on Canonical's infrastructure. • The attack disrupted Ubuntu updates and affected multiple Canonical services. • The attackers are using a DDoS-for-hire service, indicating a shift towards extortion.

Key Entities

• DDoS (attack_type)
• Bluesky (platform)
• EBay (platform)
• Linux (platform)
• Telegram (platform)
• Canonical (company)
• Vecert (company)
• Ubuntu (company)
• Brazil (country)
• China (country)
• Ecuador (country)
• Indonesia (country)
• Iran (country)
• ubuntu.com (domain)
• Mirai (malware)
• T1499 - Endpoint Denial of Service (mitre_attack)
• Beamed (tool)