FRESH

Hacker News

Ubuntu servers taken offline by "sustained, cross-border attack"

123 points by RattlesnakeJake

by sdoering

0 subcomment

by andai

2 subcomments

Is this somehow preventing server updates? e.g. to keep the recent vulnerability unpatched for longer?
I'm not sure if that makes sense, I think the apt mirrors are all over the place, hosted by universities etc.

by tcp_handshaker

3 subcomments

It seems Ubuntu infra is hosted at cloud provider? All have the mechanisms to protect from these types of attacks. Is this an architecure design failure?

by strenholme

1 subcomments

Maybe they’re trying to block access to this URL: https://ubuntu.com/security/CVE-2026-31431
To address that, here is how to disable that local root access in Ubuntu 24.04:
https://news.ycombinator.com/item?id=47957409

by tonymet

2 subcomments

by _DeadFred_

0 subcomment

by aussieguy1234

2 subcomments

It's an Iranian state based actor.
They're targeting the most popular Linux distro, likely to prevent access to patches for the CopyFail attack so they can use it to do even more damage.
(CopyFail allows any unprivileged user to be elevated to root very easily)

by scorpioxy

3 subcomments

cross-border attack? The internet doesn't have borders. The title of the article has nothing to do with the title submitted here.
edit: I should probably add more context as some commenters didn't understand. The DDOS attack is likely coming from compromised IoT devices. Most, if not all, of the big ones in the last few years(decades?) were that. Unless all the devices are located within a specific country and non are within the US then I think it is silly to use that term to imply that this is some sort of war from across the border. The reporting is fine for what they know so far, the submitted title is not.