Canonical has confirmed that its Ubuntu web infrastructure is under a sustained cross-border DDoS attack, resulting in outages across public-facing Ubuntu services.
The company acknowledged the incident in an official Ubuntu Discourse announcement, stating that Canonical’s web infrastructure is under attack and that it is working to resolve the issue. The notice did not include technical details, identify the attackers, or specify when full service would be restored.
The outage has disrupted access to Ubuntu-related web services, with users reporting connection failures and interruptions on ubuntu.com and related infrastructure. Canonical’s status page lists active incidents affecting both Canonical and Ubuntu services.
Importantly, a distributed denial-of-service attack does not indicate a system breach. In these incidents, attackers typically overwhelm a service with traffic, causing it to slow, become unstable, or become unreachable.
This disruption follows a similar incident affecting Arch Linux in August 2025, when the project confirmed a DDoS attack on its main website, the Arch User Repository, and project forums. At that time, Arch reported that the attack mainly impacted public-facing services, not the distribution’s package integrity.
Now with this, the Ubuntu incident becomes part of a broader trend in which Linux distribution infrastructure has become a visible target for availability attacks. At the time of writing, Canonical has not publicly said what motivated the attack.
While some reports mention claims of responsibility by a hacktivist group, Canonical has not attributed the incident to any party. Until further details are provided, the confirmed facts remain limited to a sustained DDoS attack affecting Canonical and Ubuntu web infrastructure.
