Canonical (Ubuntu) DDoS

Comments

• Carlin0 Member

  May 1

  https://discourse.ubuntu.com/t/update-concerning-ddos-attack-on-canonical-and-ubuntu/81482
• totally_not_banned Member

  May 1 edited May 1

  cross-border attack

  Oh shit! Once borders get crossed on the internet you know its fucking serious.

  Thanked by 7tentor Alyx rpqu avsisp emgh jsg forest
• Neoon Community Contributor, Veteran

  May 1 edited May 1

  I want to patch my servers, ansible told me, apt-get failed.
  Checked, even the bloody ubuntu repo was down.
  Bloody cock block.

  Thanked by 1host_c
• behuk Member

  May 1

  @Neoon said:
  Checked, even the bloody ubuntu repo was down.

  Mirror? (assuming they updated before the outage)

  Thanked by 2tentor avsisp
• ascicode Member

  May 1

  After this: https://www.omgubuntu.co.uk/2026/04/ubuntu-2604-system-requriments its out of mind using canonical services.

  Thanked by 2host_c x1arch
• behuk Member

  May 1

  Looks like 313 Team are claiming responsibility: https://www.theregister.com/2026/05/01/canonical_confirms_ubuntu_infrastructure_under/

  Thanked by 2avsisp host_c
• JoshR Member, Patron Provider

  May 1

  Why would they target Ubuntu?

  Thanked by 2tentor host_c
• totally_not_banned Member

  May 1 edited May 1

  @JoshR said:
  Why would they target Ubuntu?

  Ubuntu is gay...

  ... well, that and probably because they can.

  Thanked by 1nikio
• host_c Patron Provider, Top Host, Megathread Squad

  May 1

  @JoshR said: Why would they target Ubuntu?

  why target anything?
• slowservers Member, Host Rep

  May 1

  It seems like a smart way to slow down updates with the Copy Fail exploit out. Gives them more time to break into systems.

  Thanked by 2eezcloud TrikeLike
• nikio Member

  May 2

  @slowservers said:
  It seems like a smart way to slow down updates with the Copy Fail exploit out. Gives them more time to break into systems.

  You'd be right, but this is an LPE. You'd actually need to break in (or publish some docker image that the reguards on reddit will blindly auto-update with watchtower while pretending they are "self hosting" or something).
• raindog308 Administrator, Veteran

  May 2

  @behuk said: 313 Team

  When you're from Iran but use the Detroit area code for street cred.

  Thanked by 2totally_not_banned skorous
• behuk Member

  May 7

  Good news: they appear to have mitigated the DDoS attacks by migrating some of their prefixes behind Cloudflare's "magic transit" (e.g. 185.125.190.0/24.

  Less good news: their account on X / Twitter appears to have been hacked...

  Original malicious post: https://x.com/i/status/2052211357542453341(with comments turned off due to "suspicious links" 😂).

  Screenshot for when it gets taken down:
  

  It looks like it's some sort of scam where you connect your crypto wallet and then they drain it for you:
  

  Thanked by 1forest
• cheekydozen Member

  May 7

  @totally_not_banned said:

  @JoshR said:
  Why would they target Ubuntu?

  Ubuntu is gay...

  ... well, that and probably because they can.

  Everything is.