Does anyone know why Ubuntu would be targeted by pro-Iranian activists? I'm perplexed by the connection.
Are we/they even sure it is really Middle Eastern entities and not some group pretending to be one to extort / push / coerce Ubuntu onto a CDN? Perhaps if they published some of the attack packets we could analyze it ourselves and maybe even suggest unorthodox yet simple mitigating controls.
Are all of the package repository mirrors being attacked as well?
[Edit] These [1] seem to be responding to me though I cannot reach the one in Iran. Maybe they have a mirror of the static portions of their website somewhere in that rsync export.
[1] - https://gist.github.com/nathan-osman/bdf4fc0f9174fdc293cf5eb...
Canonical partners with organizations like the U.S. Air Force (USAF) and Platform One to provide secure software and AI/ML capabilities. They have an entire DOD team.
I can't find much info about that (especially with their website down). Is Canonical's work with the DOD more like Raytheon or Pizza Hut?
Raytheon: providing products specifically for the DOD
Pizza Hut: selling their usual product to the DOD
Almost certainly a target of opportunity. The UK has really made a point of staying out of this fight, but is also seen as a close ally of the US. Perhaps the calculus is:
- Iran was able to attack Ubuntu.com
- Iran sees it in its interests to stress the UK / US relationship (albeit in a small way)
Why would Ubuntu problems cause stress in the US/UK relationship?
I suppose the idea was that Canonical is a UK-based company and they're being threatened by the US's enemy.
Having said that, I really can't believe that either Trump or Starmer will give a shit about this, especially given the recent friction in that relationship.
An actual answer because all you've received so far is complete nonsense: because they want press attention as they're using these attacks to advertise their DDoS-as-a-Service tool. Literally every single statement they release (on Telegram) includes text saying that their attacks are "100% powered by $websiteEndingWithDotSu".
They also attacked the likes of Vrbo, Expedia, eBay and the likes, but they get more press by targeting Mastodon, Bluesky, Ubuntu and the likes, so they go after those now. People are desperately trying to somehow tie those victims to some ideological nonsense, but it's just advertising.
It's a well(ish) known org with well known product, and they seem to have been vulnerable. If they had attacked a deli in Newark, would we be having this conversation?
Canonical literally has a DOD team. They are a military contractor
They work with US military.
Terrorists will generally target anything of opportunity.
It was also perplexing when Iran was shooting missiles at their allies, until you realize they aren't rational humans.
> they aren't rational humans.
Would you be able to point to any rational humans?
Maybe ones who don't follow supreme religious leaders that called for the gunning down of 3000 men, women, and children in the streets. And then approve beatings/the murder of doctors that treated them.
Imagine that being your moral leadership. And 3000 is the official Iranian number. Some claim as high as 30,000. Those religious leaders are calling for more murder/death in today's Friday prayers. I don't know how anyone who calls for (or especially signs off on in a religious theocracy) murder can be called spiritual leaders or anyone could follow their 'teachings'.
Which allies are you talking about? Gulf nations with US bases actively being used to kill their children?
You say "actively" as if it wasn't a one-off event... maybe because Iran is forcing children to sit at IRGC checkpoints or other military targets?
None of the Gulf countries allowed offensive US strikes to occur from their territory. It's all used to defend against attacks from Iran trying to kill Gulf country children.
I'm not sure dismissing the people who invented the term "checkmate" as a bunch of irrational terrorists really works. They stared down Saddam Hussein, so how hard can it be to stare down Donald Trump?
Bombing Iran is like nuking an asteroid. Now, instead of one giant asteroid on a collision course with Earth, there are a half-dozen medium-sized radioactive asteroids on a collision course with Earth.
Canonical is a UK company, so it's a symbolic attack against a Western agent. Ubuntu is used by a lot of tech companies so they knew this attack would get a lot of visibility in the tech community. I'm assuming they think this will garner support from the tech community as well.
Exactly as described in "how to win friends and influence people". Break their stuff and extort money.
> I'm assuming they think this will garner support from the tech community as well.
I don't understand their thinking if this is the case. DDoSing a widely used project is going to turn people against you, not generate support.
Still it feels quite odd that from all western tech companies (and several more influential than Canonical) they chose precisely one that is highly involved with open source
All these comments saying it's just a salient target are making it up. Canonical is a military contractor. They literally have an entire DoD team. That's why they're being targeted. They're far from the only military contractor to be targeted by Iranian hackers this year
Welcome to war. This was why the Qatar attack was so destabilizing.
Iran's position is that any organization that is in any shape or form aligned with the US and West is a target.
And being an anti-war westerner won't help you. People are forgetting that the Iranian government detests Israel and the entirety of the West.
The core principles of the revolution which is the IRGC's entire ideological basis is reversing westoxification (Gharbzadegi) and returning to the norms of the Imam Husayn (Velayat-e Faghih).
Judging from their behavior against their own people and their Islamic neighbors, it seems like the IRGC's hatred isn't limited to the West.
The whole point of the Islamic Revolution was to export it.
Khomeini preached that Shia and Sunni is an arbitrary divide and that the ummah needed to be unified and guided by clerics (who just so happened to be Shia) and to purge decadent Western culture back to an idealized norm of the Imam Husayn.
You should have seen so many lies about Iran by now to justify the neocolonial war against them: so why do you assume every time some newly reported "fact" about them to be true? Rather, you should assume the opposite.
There is such a thing as being too open-minded to form an accurate perception of reality.
I think the saying is "so open-minded your brain fell out"
Sounds like they're picking on easy targets rather than relevant ones. Lame.
Ubuntu.com seems to be fine right now. A bit slow, maybe. Ubuntu 26.04 LTS is out.
313 Team runs arch btw
I'd have guessed Mint.
Related:
Canonical/Ubuntu have been under DDoS for more than 15h
https://news.ycombinator.com/item?id=47972213
That says resolved, but I had a hell of a time trying to run apt update still...
This is really a weird target, as the article notes. Bluesky and Mastodon (?!) also had alleged attacks.
The companies that fund Trump's ballroom might like these targets.
Bluesky and Mastodon both strike me as easy targets, they expose protocol level integration points that are probably reasonably expensive to serve and reasonably difficult to detect malicious actors on and/or throttle without significantly degrading the service.
I could see low budget attackers deciding that they were the most (not very much) bang for the (also not very much) buck that they could get...
Ubuntu.com doesn't fit that narrative though. I would have thought Canonical would have the servers and skill to weather quite a large attack (on the other hand it did go down...)
... but https://ubuntu.com/ is up?
Been down most of the day for me, as well as a bunch of related domains. Canonical's status page has them linked
Not for me, I'm not getting any response from it.
It's loading, but very slowly.
That's just because everybody is checking if it is down.
I bet a fair number of websites would collapse under the curiosity load if it were published in major news outlets that they were down. When was the last time you went to nissan.com? But you'd probably go check if you heard it was down.
Loads for me, but not particularly quickly
Not loading for me right now.
dead here
> Why the group is targeting London-based Canonical remains unclear and no reason was given via its Telegram channel. It is presumably because Ubuntu is one of the most popular Linux distros.
Okay... so? I do not understand the connection between Linux and the US/Israel. You'd think Iran would be very pro-Linux since Windows is a very obvious liability for them.
Is there any reason to believe this attack even has anything to do with Iran? They could simply want money and they just happen to also be pro-Iran.
Maybe they're still mad about systemd.
Systemd was NOT Canonical’s “fault”. They pushed upstart until Debian chose systemd, at that point it made no sense to resist assimilation like all other distros.
It's not Linux, it's Ubuntu. Which is developed by Canonical. Which is a military contractor that has a permanent DoD team and works with the USAF. Which is bombing their country.
> I do not understand the connection between Linux and the US/Israel. You'd think Iran would be very pro-Linux since Windows is a very obvious liability for them
Canonical is a British company and the employees are westerners. That makes them targets in the eyes of Iran.
People are forgetting that the Iranian government detests Israel and the entirety of the West. The core principle of the revolution is reversing westoxification (Gharbzadegi) and returning to the norms of the Imam Husayn (Velayat-e Faghih). That's the whole crux of the Islamic Revolution and why the Islamic Revolutionary Guard Corps (IRGC) exists.
Open source and anti-war westerners are viewed opportunistically but with disdain.
Tangent, but I hate snap with the fury of a thousand suns. That single-handedly pushed me to pop, then mint.