Canonical Under Fire: Major Cyberattack Disrupts Ubuntu Services and Snap Store

By

Overview of the Attack

If you are an Ubuntu user, developer, or system administrator, you may have encountered difficulties accessing Canonical's official websites, the Snap Store, or Launchpad in recent hours. Canonical has confirmed that its infrastructure is under a sustained, cross-border attack, which began around 6 PM UK time on April 30. The company has stated that it is actively working to address the situation and will provide further updates as they become available.

What's Affected?

The attack has impacted several critical Canonical platforms. Below is a summary of services currently experiencing disruptions:

• Ubuntu website (ubuntu.com) – intermittent downtime and slow loading times.
• Snap Store (snapcraft.io) – users may experience issues with searching, installing, or updating Snap packages.
• Launchpad (launchpad.net) – code hosting, bug tracking, and package building services are affected.
• Canonical's main archive server (archive.ubuntu.com) – currently offline, impacting package retrieval for systems configured to use this primary source.

What's Still Working?

Despite the attack, many core Ubuntu services remain functional thanks to Canonical's distributed infrastructure and redundancy measures. Key unaffected services include:

• Ubuntu APT repositories – these are mirrored across multiple locations, countries, and servers, allowing package updates to continue via mirrors. Even though the main archive.ubuntu.com is offline, mirror networks remain operational.
• ISO image downloads – users can still download Ubuntu operating system ISO files from alternative sources like releases.ubuntu.com and other mirror sites.
• Core Ubuntu cloud images – cloud deployment images are also available through independent mirrors and cloud provider marketplaces.
• Ubuntu community forums – while not directly under attack, some community-managed resources continue to operate normally.

Canonical's Response

Canonical's security team has confirmed the attack and is implementing countermeasures. The company has not yet disclosed the attack's nature (e.g., DDoS, vulnerability exploitation, or supply-chain intrusion) nor attributed it to any specific group. However, the term cross-border suggests threat actors operating from multiple jurisdictions, complicating mitigation. Canonical advises users to remain cautious and monitor its official status page for updates.

Impact on Users and Developers

The outage affects a broad range of users:

End Users

Desktop and server users may face delays when updating Snap packages or accessing Ubuntu documentation. However, traditional APT-based updates via mirrors remain functional, and the core operating system is not compromised.

Developers

Launchpad users working on open-source projects hosted on Canonical's platform are unable to push code, manage bugs, or build packages. This impacts projects that rely on Launchpad for continuous integration and distribution.

Enterprises

Organizations using Ubuntu Pro or Canonical's managed services may experience degraded support channel access. Mission-critical systems using local mirrors or private repositories are less affected.

Recommendations for Ubuntu Users

While Canonical resolves the issue, consider the following steps:

1. Switch to a mirror – If you rely on archive.ubuntu.com, temporarily edit your /etc/apt/sources.list to use a local or nearby mirror from the official mirror list.
2. Use Snap offline packages – For critical Snap applications, download Snaps via alternative channels or use snap download commands when services are available.
3. Monitor status – Check Canonical's status page for updates.
4. Avoid bulk updates – Until the attack is resolved, postpone non-essential updates to reduce load on recovering services.
5. Stay informed – Follow official Canonical channels (blog, social media) for verified information.

Conclusion

Canonical's coordinated response and the inherent resilience of Ubuntu's distribution model – thanks to extensive mirror networks and decentralized infrastructure – have limited the attack's impact. While downtime for the website, Snap Store, and Launchpad is inconvenient, the core operating system and its update mechanism remain secure. This incident serves as a reminder of the importance of redundancy and distributed systems in open-source ecosystems. Canonical has not yet released a full post‑mortem, but users can expect a detailed analysis once the attack is fully mitigated.

This article was originally published on OMG! Ubuntu and is reproduced with permission.

Related Articles

• How to Safeguard Your Enterprise from Shadow AI Agents with Microsoft Agent 365
• Canonical Under Attack: Key Questions About the April 30 Service Outage
• Unveiling AccountDumpling: How 30,000 Facebook Accounts Were Stolen via Google AppSheet Phishing
• Credit Unions Under Siege: Fraudsters ‘Borrow’ Identities, Not Hack Systems – New Report
• Dune-Inspired Malware Infiltrates Popular AI Library: Full Breakdown
• AI-Powered Malware Reaches Operational Maturity: January-February 2026 Threat Report Reveals New Cyber Risks
• Decoding SHADOW-EARTH-053: A Q&A on China-Linked Cyber Espionage
• Stealthy Python Backdoor DEEP#DOOR Targets Browser and Cloud Logins via Tunneling Service