Ubuntu services disrupted as Pro-Iran hackers hit Canonical with DDoS attack

Ubuntu services faced disruption after a DDoS attack hit Canonical’s infrastructure, affecting websites and update systems for several hours.

Published By: Shubham Arora | Published: May 02, 2026, 12:09 PM (IST)

Ubuntu users recently faced issues while accessing services, and it turns out a cyberattack is behind it. Canonical confirmed that its web infrastructure was hit by a sustained DDoS attack, which started around Thursday and continued for several hours. Also Read: This Android phone tries to replace your laptop by running Windows and Linux

During this time, multiple services linked to Ubuntu were either slow or not working at all. Some users also reported problems while trying to install updates on their systems. Also Read: Microsoft Blocks Largest-Ever Cloud DDoS Attack Aimed At Australian Website: Here’s What Happened

What the attack involved

The attack is a distributed denial-of-service, or DDoS. This basically means flooding servers with traffic until they stop responding. Also Read: Valve Confirms that SteamOS will Support More Handhelds and PCs

Canonical said its infrastructure was under a cross-border attack and that it was working to fix the issue. The impact was not limited to just websites. Parts of Ubuntu's backend services were also affected, including systems that handle updates.

That's where it started becoming a problem for users. In some cases, updates simply failed to install, which can be risky since these updates often include security fixes.

Who claimed responsibility

A group calling itself the Islamic Cyber Resistance in Iraq, also known as the 313 Team, said it carried out the attack. The claim was made on Telegram.

The group also said it used a DDoS-for-hire service called Beamed. These services make it easier to launch such attacks without needing much technical setup.

There were also messages suggesting that the group was open to communication, which points towards an extortion angle, although nothing has been confirmed officially.

What users experienced

For most users, it mostly came down to websites either not opening at all or taking too long to load. In a few cases, even basic services weren't working properly.

The bigger concern was around updates. Some users were unable to install updates during the attack, which can leave systems exposed if important patches are delayed.

This came at a time when Canonical had already shared details about a new Linux vulnerability, which made access to updates more important.

A pattern that is becoming common

DDoS attacks like this are not new, but they are still effective. They don't require complex hacking techniques, but they can still disrupt large services.

Groups using DDoS-for-hire tools have been active for a while now. Agencies like the FBI and Europol have tried to take down such services, but new ones keep appearing.

This attack also comes at a time when cyber activity linked to geopolitical tensions between Iran and the US has been increasing, although there is no clear confirmation of any direct state involvement here.

Get latest Tech and Auto news from Techlusive on our WhatsApp Channel, Facebook, X (Twitter), Instagram and YouTube.