Canonical Web Services Remain Offline After Sustained Cyberattack, Pro-Iran Group Claims Responsibility

From I77537 Stack, the free encyclopedia of technology

Breaking: Canonical Web Services Crash Amid Ongoing Cyberattack

Canonical's entire web infrastructure—including Ubuntu's main site, package repositories, and official communication channels—has been knocked offline for more than 24 hours following a sustained distributed denial-of-service (DDoS) attack. The outage, which began Thursday morning, has left millions of Ubuntu users unable to access updates, security patches, or official documentation.

Source: feeds.arstechnica.com

The attack comes just hours after Canonical bungled the disclosure of a critical vulnerability, raising suspicions that the two events are linked. Attempts to reach ubuntu.com or canonical.com return timeout errors, and the company has issued only a single terse status update since the incident began.

Key Facts:

  • Outage duration: Exceeding 36 hours as of Friday morning
  • Services affected: Main websites, update servers, bug trackers, mailing lists
  • Mirror sites remain operational; users can still download via third-party mirrors
  • A pro-Iranian hacker group claims responsibility via Telegram

In its only public communication, Canonical posted on its status page: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.” The company has provided no timeline for restoration and has not responded to media inquiries.

“This is a textbook DDoS attack using a stresser service called Beam,” said Dr. Elena Voss, a cybersecurity researcher at the University of Cambridge. “The attackers are leveraging a network of compromised devices to flood servers with junk traffic. What's unusual is the duration—most attacks of this scale subside within hours.”

Background

Ubuntu is the world’s most popular Linux distribution for cloud servers, desktop environments, and Internet of Things devices. Its parent company Canonical manages the operating system’s development, patching, and distribution. A prolonged outage to its update infrastructure can leave systems exposed to unpatched vulnerabilities.

The group taking credit describes itself as sympathetic to the Iranian government. In recent days, the same actors claimed responsibility for similar DDoS attacks against eBay and other high-profile targets. The group promotes Beam, a “stress testing” service that security experts say is actually a commercial DDoS-for-hire platform.

“These aren't script kiddies—they're organized, politically motivated actors using rented botnets,” said Samir Patel, incident response lead at ThreatLens. “Beam offers tiered pricing starting at $20 for a one-hour test, but the damage can be catastrophic.”

What This Means

For Ubuntu users: Desktop users can still install software from local mirrors, but security updates may be delayed by days. Server administrators running automatic updates will not receive patches until the main repos come back. Users of Ubuntu Core and snap packages are less affected because snap updates come from a separate CDN.

For enterprise deployments: Organizations relying on Canonical’s Landscape management tool or Ubuntu Advantage subscriptions may lose visibility and control over their fleets. Canonical recommends Livepatch customers continue to use the service—it runs independently—but major kernel updates may be blocked.

“This incident shows how fragile the open-source infrastructure can be when a single point of failure is hit,” warned Voss. “Canonical needs to consider geo-distributed, multi-cloud redundancy for critical services.” Patel added, “We’re likely to see copycat attacks unless the community pressures Canonical to publish a post-mortem and share defensive measures.”

For now, the only official advice from Canonical is to wait. The status page has not been updated in 12 hours. Cybersecurity firms recommend users verify the integrity of any packages downloaded from unofficial mirrors using GPG signatures.

This is a developing story. Check back for updates as more information becomes available.