Canonical, the company that makes Ubuntu Linux, says its web infrastructure is under a 'sustained, cross-border attack'

Canonical, the developer behind the world's most popular Linux distribution, has confirmed that its web infrastructure is currently facing a sustained, cross-border attack. The disruption appears to span the entire Ubuntu ecosystem, affecting everything from the official website and blog to potentially core software repositories.

While official status pages are currently offline, user reports from various online forums suggest these service disruptions have been ongoing for several hours, although Canonical only recently provided an official comment. As of May 1, 2096, the company stated: "Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it."

The Impact of the Sustained, Cross-Border Attack on Ubuntu Services

The disruption is causing significant issues for users attempting to access critical security resources. Most notably, there are widespread reports that the security.ubuntu.com servers are either extremely slow or completely unreachable for many users. Because these repositories are vital for downloading essential patches and updates, the downtime poses a significant risk to system stability.

The following services and areas appear to be affected:

  • The official Ubuntu website and blog.
  • Security repository access (security.ubuntu.com).
  • Official server status monitoring pages.
  • Potential delays in software repository updates.

Canonical has even disabled the page intended to list server statuses; it now displays a message that mirrors the company's recent post on X.

Connection to the 'Copy Fail' Vulnerability

It remains unclear whether this infrastructure disruption is directly linked to the recently disclosed "Copy Fail" vulnerability. The flaw was identified by cybersecurity research firm Theori on Xint.io, which describes a "single 732-byte Python script" that can edit a setuid binary to obtain root access on nearly all Linux distributions shipped since 2017.

While the connection is unconfirmed, the timing of this sustained, cross-border attack is suspicious. It is possible the attack is a wide-scale DDoS intended to prevent users from accessing the very updates needed to fix the Copy Fail vulnerability.

Claims of Responsibility and Extortion

The cybersecurity community is also monitoring claims regarding the identity of the attackers. According to Vercert Analyzer, the hacktivist group known as "The Islamic Cyber Resistance in Iraq – 313 Team" has claimed responsibility for the attacks.

Furthermore, reports suggest that the group has sent an extortion message to the Ubuntu team. While these claims have not yet been officially verified by Canonical, the company has promised to provide more information through its official channels as soon as it is able to do so.