Canonical confirmed its web infrastructure is under a sustained, cross‑border DDoS assault after the hacktivist collective known as 313 Team claimed responsibility. The group posted on Telegram that the disruption would last four hours, yet Ubuntu.com remains inaccessible hours later, returning 503 errors across the main site and several subdomains.

The attackers escalated from pure denial‑of‑service to extortion, messaging Canonical with a “Session Contact ID” and warning that any silence would prolong the flood. Users cannot download Ubuntu images or log into their Canonical accounts, while archive and discourse services stay online. 313 Team has previously hit eBay Japan, eBay US and social platform BlueSky.

Canonical’s engineering teams are working to restore full availability and promise updates via official channels. The incident highlights the vulnerability of high‑profile open‑source infrastructure to state‑linked botnets, as Iran‑aligned groups increasingly weaponize IoT‑derived traffic. With Ubuntu serving millions of developers, prolonged outage could disrupt software pipelines and cloud deployments worldwide.

Law enforcement in Poland recently disrupted a teen‑run DDoS kit operation, underscoring global efforts to curb such botnets. Nonetheless, the persistence of the current attack suggests the underlying botnet remains active, forcing Canonical to consider longer‑term mitigation like traffic scrubbing services and tighter rate‑limiting for inbound requests.