Some Ubuntu services are still down following outages after DDoS attack

An Iraqi hacktivist group is claiming responsibility

News By Sead Fadilpašić published 5 May 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• A sustained DDoS attack disrupted Ubuntu installs, updates, and Canonical’s web infrastructure
• The outage lasted nearly a full day, affecting security APIs and multiple websites
• An Iraqi hacktivist group claimed responsibility, using a booter service to launch the attack

Users are reporting being unable to install or update Ubuntu following a Distributed Denial of Service (DDoS) attack by Iraqi hacktivists, with Canonical, the company behind the popular Linux distribution, was also struck.

“Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to,” the company said at the time.

Discussing the attack on unofficial Ubuntu forums, community members confirmed that the distro’s security API was affected, as well as multiple websites. Updates and system installs were also unavailable at the time.

Article continues below

Islamic Cyber Resistance in Iraq 313 Team

The attack was claimed by a group calling itself The Islamic Cyber Resistance in Iraq 313 Team. In a Telegram channel, the group allegedly said it used a DDoS-as-a-Service tool called Beamed to launch the attack.

Beamed is a booter (or stresser), a tool that allows users to “stress test” their website by paying for a DDoS attack. The service claims to be able to launch a 3.5 Tbps attack, half the power needed to deliver a record-breaking attack.

A DDoS happens when hundreds of thousands of internet-connected devices try to communicate with a single server, overloading it, forcing it to crash, and thus denying legitimate traffic any access. To create a DDoS service, the threat actors must gain control over these endpoints, which is usually done through malware. Using automated scripts and bots, the threat actors can look for vulnerabilities or weak login credentials and use the access to deploy different variants of malware.

After that, they can operate the instances through a unified dashboard. This access is then sold on the black market for a monthly fee. That fee can be anything from $10 for cheap services, to $500 a month for sustained, high-power attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors