Most Ubuntu and Canonical servers have been offline for more than a day following a sustained distributed denial-of-service attack, leaving users unable to access the OS provider's websites or download system updates directly from Ubuntu's servers.
The outage began Thursday morning. A Canonical status page provided a brief explanation: "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." Beyond that statement, company officials have not publicly commented. Mirror sites, which host copies of Ubuntu packages independently, continued to function normally throughout the disruption.
A group sympathetic to the Iranian government claimed responsibility for the attack via posts on Telegram and other social media platforms. The group says it used a tool called Beam, which markets itself as a server stress-testing service but operates, as Ars Technica reported, as a front for paid DDoS attacks on third-party targets. The same group recently claimed credit for knocking eBay offline in a similar operation.
The timing compounded an already difficult situation for Canonical. The attack followed what the company described as a botched disclosure of a major security vulnerability, though officials have not elaborated publicly on the nature of that vulnerability or how the disclosure went wrong. The combination of a failed security announcement and a prolonged infrastructure outage has left the company largely unable to communicate through its normal channels.
DDoS attacks of this kind, while technically unsophisticated compared to direct intrusions, can be highly effective at silencing organizations at precisely the moments when clear communication matters most. For Ubuntu users who rely on official servers for system updates, the practical effect has been a forced pause, though the availability of mirror servers has kept the disruption from becoming a full lockout.
Canonical has not announced a timeline for restoring full service.
