Ubuntu maintainer Canonical says its web infrastructure is under “a sustained, cross-border attack” – with pages like its security advisory page and many others unavailable now for over 14 hours as The Stack published.
Without providing further details (although the short social post suggests that the incident is a large-scale DDoS attack) Canonical said simply that it is “working to address it” and “will provide more information” when able to.
The Stack first noticed issues with Canonical page availability on Thursday after Ubuntu’s advisory on the Copy Fail Linux vulnerability returned a 503.
Ubuntu confirmed the ongoing incident at 8:19am GMT on Friday.
A group calling itself "The Islamic Cyber Resistance in Iraq – 313 Team" has claimed responsibility for the attack, resulting in wide disruption to Ubuntu's web services.
DDoS attacks continue to escalate, despite rarely making headlines.
On October 24, 2025 Azure saw a multi-vector DDoS attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps) that originated from the Aisuru botnet; the attackers targeted a single endpoint in Australia.
The botnet used compromised home routers and cameras to launch attacks. In that incident, 500,000 IPs were used to trigger “extremely high-rate UDP floods” that had “minimal source spoofing and used random source ports.”
Cloudflare said that in 2025, the total number of DDoS attacks more than doubled to 47.1 million discrete incidents. The most substantial growth was in network-layer DDoS attacks, which more than tripled year over year.
One 2025 DDoS attack was equivalent, Cloudflare wrote last year, to “the combined populations of the UK, Germany, and Spain all simultaneously typing a website address and then hitting 'enter’ at the same second.”
Cloudflare reported a record 31.4 Tbps DDoS attack in Q4.
Canonical's status page is here for updates.
The link has been copied!
