Canonical under sustained DDoS attack as Ubuntu 26 releases — Iranian group 313 Team claims responsibility

Data flow — (Image credit: Getty Images)

The meatspace war with Iran has been spilling into cyberspace as well, and the latest casualty is Canonical. The company behind the ever-popular Ubuntu Linux is in a spot of bother, as the majority of its infrastructure is being hit by a Distributed Denial of Service (DDoS) attack. The attack has reportedly been claimed by Iranian ne'er-do-wells 313 Team, also known as the Islamic Cyber Resistance in Iraq. The attackers requested a virtual meeting with the Canonical staff under threat of continued attacks, but there have been no other public developments.

The most obvious result is that Canonical's, er, canonical Ubuntu download and update mirrors worldwide are sluggish or down entirely, as is the main website. The attack extends to Launchpad, the Snap store, Canonical SSO, and other related services. Thankfully, there are no reports of security compromises affecting package repositories or ISO images, so whichever download spot you find should be safe.

Article continues below

Go deeper with TH Premium: AI shortages

Much like yours truly found out yesterday, you may find it difficult to get a hold of Ubuntu 26, package updates, or even the handy WSL2 image. The Linux community is large and spread out, though, so any one of the hundreds of the non-Canonical (pun intended) will suffice. You can find one of the mirrors in the list at launchpad.net; if that link fails to load, you can consult the version on the Wayback Machine here. If you have a torrent client handy, here are the links to the desktop x64 release and the live server x64 version.

Some techies hypothesized that this attack could be related to the disastrous Copy Fail vulnerability, to which most distros, including the extant Ubuntu 24, are vulnerable. That premise is a little shaky, as in the grand scheme of things, just stopping people from updating Ubuntu isn't a world-ender, plus power users and competent sysadmins will apply a workaround or just find a mirror regardless.

TOPICS

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.

5 Comments Comment from the forums

DS426

Darn, no CloudFlare to mitigate their DDoS attack!?

Also, I didn't realize that it did end up shipping with the 7.0 kernel.
Reply
bit_user

DS426 said:
Darn, no CloudFlare to mitigate their DDoS attack!?
I really wish some sort of bittorrent-like technology would've caught on, both for distributing distos and for distributing updates. Sure, they could still attack the servers holding the torrent files and doing centralized tracking, but anyone who's already got a torrent could use peer-to-peer discovery instead of relying on centralized trackers.

DS426 said:
Also, I didn't realize that it did end up shipping with the 7.0 kernel.
Yeah, but it doesn't really mean anything that they bumped the major version number. Linus just decided to start doing that after every 20 releases. In other words, the Linux kernel's version number doesn't adhere to semantic versioning.
Reply
Krieger-San

FYI - The 7.0 kernel ships with the CopyFail exploit (I believe); be sure to disable the ability for the exploit to run: https://github.com/mahradbt/copyfail-mitigation#what-the-mitigation-does
Happy New Linux Day my fellow Admin's
Reply
usertests

bit_user said:
I really wish some sort of bittorrent-like technology would've caught on, both for distributing distos and for distributing updates. Sure, they could still attack the servers holding the torrent files and doing centralized tracking, but anyone who's already got a torrent could use peer-to-peer discovery instead of relying on centralized trackers.
Pretty sure Linux ISOs are or were distributed by BitTorrent all the time, to the point where it became a pirate joke like yeah I'm just downloading gigabytes of Linux ISOs teehee.

Don't know about Ubuntu's use of it specifically.

bit_user said:
Yeah, but it doesn't really mean anything that they bumped the major version number. Linus just decided to start doing that after every 20 releases. In other words, the Linux kernel's version number doesn't adhere to semantic versioning.
It's still arguably an important release, even if you determine it's no more important than 6.19 or 7.1.

https://www.phoronix.com/news/Linux-7.0-Released
User you replied to didn't even imply anything beyond "I didn't know they were using 7.0 already". You dropped the versioning lore for no reason.
Reply
bit_user

usertests said:
Pretty sure Linux ISOs are or were distributed by BitTorrent all the time,
Oh, you can still download Ubuntu via bittorrent. Canonical releases torrent files and hosts official mirrors. That's not exactly what I mean, though. What I wish is that instead of getting .deb files from official mirrors, they could be shared peer-to-peer. Furthermore, if the ISO image was constructed properly, it could be just a wrapper + the individual .deb files, so that most of the seeding could be handled by the repo seeders.

Part of my wish is that ISPs (like mine) wouldn't block it, either. I had to stop downloading Ubuntu via torrent, simply because of my ISP. Anyway, the official download is now so fast that it usually beats how fast I seem to recall the torrents were.

usertests said:
It's still arguably an important release, even if you determine it's no more important than 6.19 or 7.1.

https://www.phoronix.com/news/Linux-7.0-Released
He publishes those articles about every kernel release.

usertests said:
You dropped the versioning lore for no reason.
Yeah, but some people might be unaware that a new major version number doesn't carry any special meaning, for the Linux kernel.
Reply

Show more comments