Canonical Servers: Massive Cyberattack Underway
An ongoing attack on Canonical servers is affecting the Snapstore and other critical components.
(Image: Sashkin/Shutterstock.com)
Canonicals IT infrastructure is under attack: Snapstore, Launchpad, the Ubuntu website, and other important components are currently difficult or impossible to reach. Canonical confirms the attack and is already working on fixing the problems.
Currently, there is a "ongoing, cross-border attack," Canonical writes on its status page. This fuels speculation about a DDoS attack, but this has not been confirmed yet (as of Friday, May 1, 1:28 PM). According to the page, the attack falls under the category "Complete Outage." The list of affected Linux components is long:
- gopkg.in
- lists.ubuntu.com
- security.ubuntu.com
- jaas.ai
- keyserver.ubuntu.com:11371
- wiki.ubuntu.com
- ppa.launchpad.net
- archive.ubuntu.com
- Livepatch API
- canonical.com
- login.ubuntu.com
- maas.io
- launchpad.net
- blog.ubuntu.com
- developer.ubuntu.com
- contracts.canonical.com
- Ubuntu Security API - CVEs
- Ubuntu Security API - Notices
- academy.canonical.com
- ubuntu.com
- Landscape,
- portal.canonical.com
- images.maas.io
- assets.ubuntu.com
Users currently cannot obtain ISO images of Linux distros from Ubuntu or log into their Canonical accounts. An ad-hoc attempt to download an application via snap install on Kubuntu 25.10 was successful, however (as of Friday, May 1, 1:33 PM). According to a report by the IT news portal The Register, the pro-Iranian cybercriminal group "313 Team" claims responsibility for the attack. It reportedly began on Thursday and was supposed to last four hours, according to an announcement on one of the group's Telegram channels. However, the problems are still ongoing. According to the report, 313 Team has contacted Canonical with contact details and threatens to continue the attack if Canonical does not respond to the group.
Videos by heise
313 Team has also claimed responsibility for a DDoS attack on the social media platform Bluesky, and Mastodon has also been targeted by the criminals. The cyber gang is associated with Iran by IT security experts. It is apparently responsible for numerous DDoS attacks and is ideologically aligned with the Iranian regime. However, the selection of attack targets appears arbitrary. No specific demands are discernible.
(nen)
