Pro-Iran Hacktivists Escalate DDoS Attacks on Ubuntu.com, Shifting to

Canonical, the company behind the popular [[ubuntu|Ubuntu]] operating system, is experiencing a sustained Distributed Denial of Service (DDoS) attack that has rendered its main website inaccessible for over 12 hours. The pro-Iran hacktivist group, **313 Team** (also known as The Islamic Cyber Resistance in Iraq), has claimed responsibility for the disruption. Initially framed as hacktivism, the group has now explicitly shifted its objective to extortion, emailing Canonical with demands and threatening continued assault if Canonical fails to respond. This attack prevents users from downloading Ubuntu distros and accessing their Canonical accounts, impacting a significant portion of the open-source community. The group has previously targeted entities like [[ebay|eBay]] and [[bluesky|BlueSky]].

• A pro-Iran hacktivist group, 313 Team, is conducting a sustained DDoS attack on Canonical's infrastructure.
• The attack has rendered Ubuntu.com inaccessible, preventing users from downloading distros and accessing accounts.
• 313 Team has explicitly shifted from hacktivism to extortion, demanding contact from Canonical.
• The group has a history of similar attacks against major tech companies like eBay and BlueSky.
• The incident highlights the growing threat of cyber extortion targeting critical open-source infrastructure.

A pro-Iran hacktivist group, **313 Team**, has claimed responsibility for a prolonged DDoS attack against Canonical's web infrastructure, leading to the unavailability of **Ubuntu.com**. The attack, which began on Thursday evening, has persisted for over 12 hours, impacting user access to downloads and account services. The group has explicitly stated its intent to extort Canonical, demanding contact via email. While the group has a history of similar attacks on other major tech platforms, the specific motivation for targeting Canonical remains undisclosed. Canonical has confirmed the ongoing attack and is working to restore services.

The **resilience of open-source infrastructure** will ultimately prevail. Canonical's security teams are likely already implementing robust countermeasures, and the open-source community's collaborative spirit means swift development of solutions. This incident might spur further investment in DDoS mitigation strategies for critical open-source projects, ultimately making the ecosystem stronger and more secure against future attacks. The prompt response and transparency from Canonical will foster trust and demonstrate the community's ability to weather such storms.

This attack highlights a dangerous evolution in hacktivism, where **disruptive DDoS campaigns are weaponized for direct financial extortion**. The prolonged downtime of Ubuntu.com, a critical resource for millions of users and developers, underscores the vulnerability of even widely-used open-source projects. The shift to extortion means that even if Canonical successfully mitigates the current DDoS, the threat of future, more sophisticated attacks or data breaches remains high, potentially chilling innovation and user adoption within the open-source ecosystem. The lack of clear motivation also raises concerns about the unpredictable nature of these state-sponsored or state-aligned cyber threats.

Originally reported by The Register