Attack knocks Ubuntu websites, services and Snap store offline

posted by Rianne Schestowitz on May 02, 2026,
updated May 07, 2026

Quoting: Attack knocks Ubuntu websites, services and Snap store offline - OMG! Ubuntu —

The Ubuntu APT repos are not offline, as they’re mirrored across multiple locations, countries and servers, although the main archive.ubuntu.com is offline (at the time of writing). It’s still possible to download OS ISO images too, due to distributed mirrors/repos.

The Ubuntu OS is also not compromised or affected directly.

Websites and services which are offline (at the time of writing) include any website hitched to the main Ubuntu website including lists.ubuntu.com, security.ubuntu.com, login.ubuntu.com, archive.ubuntu.com and keyserver.ubuntu.com:11371.

The Livepatch API is impacted, as is Landscape, the maas.io website, launchpad.net and Canonical’s own website along with some subdomain services (contracts.canonical.com, portal.canonical.com), but not all.

Canonical don’t call it a DDoS, but they do say it is ‘sustained’. That points some sort of volumetric onslaught intentionally affecting availability. The who, how and (importantly) why is unknown, but a hacktivist group has reportedly claimed responsibility1.

Read on

More Updates:

• Ubuntu infrastructure has been down for more than a day - Ars Technica

  Servers operated by Ubuntu and its parent company Canonical were knocked offline on Thursday morning and have remained down ever since, a situation that’s preventing the OS provider from communicating normally following the botched disclosure of a major vulnerability.

  Attempts to connect to most Ubuntu and Canonical webpages and download OS updates from Ubuntu servers have consistently failed over the past 24 hours. Updates from mirror sites, however, have continued to work normally. A Canonical status page said: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.” Other than that, Ubuntu and Canonical officials have maintained radio silence since the outage began.

• Ubuntu services hit by outages after DDoS attack | TechCrunch

  Hacktivists have claimed responsibility for taking down the public-facing infrastructure of popular Linux operating system distribution Ubuntu, as well as Canonical, the company that develops and maintains the software. The attack began on Thursday, and affected services that Ubuntu users rely on.

  “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said on its website.

• Pro-Iran group turns Ubuntu DDoS into shakedown

  Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant.

  "I can confirm that Canonical's web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack" a Canonical spokesperson told The Register.

  "Our teams are working to restore full availability to all affected services. We will provide updates in our official channels as soon as we are able to."

  Known best for managing the development of Ubuntu, the distro's main website is down at the time of writing, and has been for several hours.

• Canonical, the company that makes Ubuntu Linux, says its web infrastructure is under a 'sustained, cross-border attack' | PC Gamer

  Canonical, the company behind the most popular Linux distro, says its web infrastructure is currently under a "sustained, cross-border attack."

  Affected sites and services seem to run across the entire Ubuntu gamut, from its website to its blog and even potentially its repos. According to what user reports I could gleam from online forums—given official status pages are down—the problems have been ongoing for hours even if Canonical only officially commented on it recently.

• Canonical under sustained DDoS attack as Ubuntu 26 releases — Iranian group 313 Team claims responsibility

  The meatspace war with Iran has been spilling into cyberspace as well, and the latest casualty is Canonical. The company behind the ever-popular Ubuntu Linux is in a spot of bother, as the majority of its infrastructure is being hit by a Distributed Denial of Service (DDoS) attack. The attack has reportedly been claimed by Iranian ne'er-do-wells 313 Team, also known as the Islamic Cyber Resistance in Iraq. The attackers requested a virtual meeting with the Canonical staff under threat of continued attacks, but there have been no other public developments.

  The most obvious result is that Canonical's, er, canonical Ubuntu download and update mirrors worldwide are sluggish or down entirely, as is the main website. The attack extends to Launchpad, the Snap store, Canonical SSO, and other related services. Thankfully, there are no reports of security compromises affecting package repositories or ISO images, so whichever download spot you find should be safe.

  Intentionally or not, this attack comes hot on the heels of the release of Ubuntu 26 LTS, dubbed Resolute Raccoon. As its name and even version number imply, this is a release with an extended support window, meaning it'll be the one installed in servers and workstations worldwide.

• Pro-Iran Hackers Hit Ubuntu's Canonical With DDoS, Float Extortion Demand

  If you’re having trouble accessing websites for the Linux distribution Ubuntu, an ongoing DDoS attack is to blame.

  On Friday, Ubuntu developer Canonical confirmed the DDoS, which involves hackers summoning a burst of internet traffic to overwhelm and take down a website or server. “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it,” it tweeted. “We will provide more information in our official channels as soon as we are able to.”

  The attack appears to have shut down access to Canonical’s main site and the Ubuntu.com domain, though PCMag was able to load some related pages. A pro-Iranian hacking group, the Islamic Cyber ​​Resistance in Iraq, also known as the 313 Team, has claimed responsibility for the DDoS assault, which began on Thursday.

4 more:

• Iran Hackers target Canonical Ubuntu Software with DDoS Attack

  In recent months, a noticeable surge in politically motivated cyberattacks has drawn global attention, particularly those attributed to groups aligned with Iran. These hacking collectives appear to be targeting Western digital infrastructure not only to cause disruption but also to amplify their presence on the international stage. By focusing on high-visibility organizations, they aim to generate widespread media coverage while signaling their technical capabilities and ideological stance.

• 313 Team Hits Canonical With DDoS And Extortion Demand

  An Iran-linked hacktivist group, the “Islamic Cyber Resistance in Iraq 313 Team,” hit Canonical with a sustained DDoS attack starting approximately April 30, 2026, paired with a Session-channel extortion demand reported by VECERT.

• Ubuntu's web infrastructure is under a 'sustained, cross-border attack'

• Hacktivists launched DDoS against Canonical and disrupted Ubuntu updates

  Hacktivists have claimed responsibility for outages in the public infrastructure of the Ubuntu distribution and the company Canonical, which develops and maintains this software. The attack began on Thursday and affected services used by Ubuntu users.

Ubuntu.com site unreachable Sunday.

2 more articles:

• The Daily Star ☛ Ubuntu hit by major cyberattack, services disrupted

  Public-facing services of Ubuntu, the open-source operating system (OS), were disrupted following a large-scale cyberattack that began on April 30, affecting critical systems relied upon by users worldwide.

• Ubuntu and Canonical services disrupted by DDoS attack claimed by hacktivists

  Ubuntu's public-facing infrastructure and its developer, Canonical, have been targeted by a distributed denial-of-service (DDoS) attack, disrupting services for users. The attack began on Thursday and has affected various Ubuntu and Canonical websites, as well as the ability for users to update and install the operating system, as reported by TechCrunch.

3 more:

• eSecurity Planet ☛ Canonical Hit by Sustained DDoS Attack, Disrupting Ubuntu Services Worldwide

  Canonical’s web infrastructure was knocked offline by a distributed denial-of-service (DDoS) attack, disrupting core Ubuntu services relied on by developers and security teams globally.

  “A direct extortion message sent to the Ubuntu team by the hacktivist group ‘The Islamic Cyber Resistance in Iraq – 313 Tea,’ has been detected,” said VECERT Analyzer in their X post.

• Heise ☛ Canonical Servers: Massive Cyberattack Underway

  Canonical's IT infrastructure is under attack: Snapstore, Launchpad, the Ubuntu website, and other important components are currently difficult or impossible to reach. Canonical confirms the attack and is already working on fixing the problems.

  Currently, there is a "ongoing, cross-border attack," Canonical writes on its status page. This fuels speculation about a DDoS attack, but this has not been confirmed yet (as of Friday, May 1, 1:28 PM). According to the page, the attack falls under the category "Complete Outage."

• Ubuntu Hit by Outages After DDoS Attack on its Public-Facing Infrastructure

  Ubuntu, the public-facing infrastructure of the popular Linux operating system distribution and its parent company Canonical, faced outages starting Thursday (US time). Hackers have since claimed responsibility for the DDoS attack.

  “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said on its website.

Impact long-lasting:

• PC Gamer ☛ Ubuntu servers restored after DDoS attack sends services down for days

  Canonical, the company behind Ubuntu, has confirmed that services are back up and running following a major DDoS attack that left some of its infrastructure, including websites and repos, unavailable for five days.

  DDoS, or Distributed Denial of Service, attacks are intended to disrupt the everyday operation of servers and networks. They're often quite effective, too, leveraging a flood of requests from IP addresses that are tough to distinguish from genuine ones, with the intention of overwhelming a system. That's what Canonical has been dealing with over the past five days, only recently confirming that it has restored services.

• TechRadar ☛ Some Ubuntu services are still down following outages after DDoS attack | TechRadar

  Users are reporting being unable to install or update Ubuntu following a Distributed Denial of Service (DDoS) attack by Iraqi hacktivists, with Canonical, the company behind the popular Linux distribution, was also struck.

  “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said at the time.