Canonical confirms "cross-border" attack as Ubuntu website and services remain down

Canonical is dealing with a massive outage right now after confirming a sustained cyberattack took down almost all of Ubuntu’s web infrastructure.

The main ubuntu.com site has been throwing 503 connection errors for over 14 hours.

It is not just the homepage. Critical infrastructure like security APIs, Snapcraft, and mailing lists are completely inaccessible for millions of users worldwide.

Canonical’s status page, which is also bugging out due to the attack, has been updated with the details. The company labeled the incident a “sustained, cross-border attack.” They promised to provide more details through official channels as soon as they can.

A thread on r/Ubuntu shows widespread confusion and frustration, with users there discussing what might have gone wrong.

That said, according to threat intelligence account VECERT Analyzer, a hacktivist group calling itself “The Islamic Cyber Resistance in Iraq 313 Team” claimed responsibility for flooding the servers.

Things escalated quickly from a simple disruption. VECERT reports that the group sent an extortion message directly to the Ubuntu team with a Session ID to negotiate an end to the attack. The threat actor warned that they will keep the servers offline if Canonical ignores them.

The outage lines up perfectly with the public disclosure of a severe Linux vulnerability known as CopyFail. System administrators usually rush to patch their servers when a critical bug drops. Right now, they cannot even load Canonical’s official security notice to figure out how to secure their machines.

Meanwhile, some users on Reddit are wondering if the attackers specifically chose today to prevent people from fixing their systems. Others think it is just a horrible coincidence.

We’ll just have to wait for Canonical to release a full post-mortem or acknowledge the ransom demand. 

Our team will keep a close watch as the situation develops and will update the article accordingly.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.