A hacktivist group has claimed responsibility for a distributed denial-of-service (DDoS) attack targeting Ubuntu and its parent company Canonical, knocking out key services and preventing users from installing updates. The attack began on Thursday and had been ongoing for approximately 20 hours as of the time of reporting in May 2026.
Canonical confirmed the incident on its website, stating: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to.” The company did not respond to a request for further comment.
The group behind the attack, calling themselves The Islamic Cyber Resistance in Iraq 313 Team, claimed responsibility via their Telegram channel. The hacktivists say they used Beamed, a DDoS-for-hire service — also known as a booter or stresser — which allows users to launch DDoS attacks without technical expertise or dedicated infrastructure. Beamed claims to power attacks exceeding 3.5 Tbps, roughly half the bandwidth of what Cloudflare previously described as the largest DDoS attack ever recorded.
A DDoS attack works by flooding a target’s servers with junk traffic until they overload or go offline. According to discussions on an unofficial Ubuntu community forum and a post on a threat intelligence forum, the attack affected Ubuntu’s security API, multiple Ubuntu and Canonical websites, and disrupted the ability to update and install Ubuntu. TechCrunch confirmed that updates failed on a test device running Ubuntu.
The attack highlights the accessibility of DDoS-for-hire services, which allow individuals with no technical background to take down major infrastructure. Authorities including the FBI and Europol have repeatedly targeted such services through domain seizures and arrests, though the services continue to operate.
Source: TechCrunch