A coordinated DDoS attack by hacktivist group 313 Team disrupted over a dozen Canonical services including ubuntu.com, security.ubuntu.com, and the Ubuntu Security API.
Canonical, the company behind the Ubuntu Linux distribution, experienced widespread service disruptions across its core web infrastructure following a coordinated DDoS attack. The hacktivist group identifying itself as The Islamic Cyber Resistance in Iraq 313 Team claimed responsibility for the offensive, marking one of the most significant attacks against open-source infrastructure in recent memory.
More than a dozen services and domains were affected, including ubuntu.com, canonical.com, security.ubuntu.com, archive.ubuntu.com, developer.ubuntu.com, and the Ubuntu Security API for CVEs and Notices. The disruption of the Security API was particularly concerning, as these endpoints are relied upon by system administrators, patch management tools, and security automation pipelines worldwide to fetch vulnerability data and security advisories in real time.
Canonical acknowledged the outages via its status page and official X account. While DDoS attacks do not involve data exfiltration or system compromise, the sustained takedown of critical open-source services carries significant operational impact for the global developer and security community. The unavailability of archive.ubuntu.com disrupted package installations and system updates, while the outage of security-related APIs could delay automated patching workflows for organizations dependent on Ubuntu’s security feed infrastructure.
Security teams relying on Ubuntu’s CVE and advisory APIs are advised to implement fallback data sources such as the NVD or OSV until services are fully restored.
Source: Cyber Security News — Ubuntu Website and Canonical Web Services Hit by DDoS Attack
