A pro-Iran hacktivist group, 313 Team, is conducting a sustained DDoS attack against Canonical's web infrastructure, disrupting access to Ubuntu.com and related services. The group has escalated the incident from hacktivism to extortion, demanding payment via email to cease the attack. The article does not describe a specific software vulnerability, so CVSS scores, affected versions, a fixed version, or technical workarounds are not provided.
Cyber-crime 3 Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down 3 313 Team tells Canonical: pay up or the packets keep coming Connor Jones Fri 1 May 2026 // 11:05 UTC Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. "I can confirm that Canonical's web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack" a Canonical spokesperson told The Register . "Our teams are working to restore full availability to all affected services. We will provide updates in our official channels as soon as we are able to." Known best for managing the development of Ubuntu, the distro's main website is down at the time of writing, and has been for several hours. The hacktivist group The Islamic Cyber ​​Resistance in Iraq , aka 313 Team claimed responsibility for the 503 errors Ubuntu's website was returning on Thursday evening, announcing via its Telegram channel that the attack was scheduled to persist for four hours. More than 12 hours later, the attack continues to disrupt Ubuntu's main website and many of its subdomains, although some, including its Archive and Discourse pages, remain up and running. Feds disrupt monster IoT botnets behind record-breaking DDoS attacks Iran's cyberwar has begun Polish cops bust alleged teen DDoS kit sellers – youngest just 12 DDoS deluge: Brit biz battered as botnet blitzes break records 313 Team sent a follow-up message to its Telegram group, directed at Canonical, which indicates the group is veering away from hacktivism and toward full-on extortion: "There is a simple way out. We have emailed you with our Session Contact ID. If you fail to reach out, we will continue our assault. You are in an awful position, don't be foolish." The service disruption at Ubuntu means users cannot download any versions of its distros through the usual channels, nor can they log into their Canonical accounts. Canonical promised to provide regular updates when it has new information to share. 313 Team has claimed responsibility for similar DDoS attacks on the likes of eBay's Japan and US divisions, as well as BlueSky in just the past month alone. Why the group is targeting London-based Canonical remains unclear and no reason was given via its Telegram channel. It is presumably because Ubuntu is one of the most popular Linux distros. ® Share More about Canonical Cybersecurity DDoS More like these × More about Canonical Cybersecurity DDoS Ubuntu Narrower topics Center for Internet Security Elementary OS RSA Conference Zero trust Broader topics Debian Operating System Security More about Share 3 COMMENTS More about Canonical Cybersecurity DDoS More like these × More about Canonical Cybersecurity DDoS Ubuntu Narrower topics Center for Internet Security Elementary OS RSA Conference Zero trust Broader topics Debian Operating System Security TIP US OFF Send us news