[aussieguy1234]

It's an Iranian state based actor.

They're targeting the most popular Linux distro, likely to prevent access to patches for the CopyFail attack so they can use it to do even more damage.

(CopyFail allows any unprivileged user to be elevated to root very easily)

[recursivegirth]

Worth calling out that CopyFail can be trivially patched. I did so on my personal devices + remote servers. The attack vector is apparently only typically utilized for exploits anyways, it supposedly has little practical/legitimate use.

This article has instructions on how to self-patch: https://www.bleepingcomputer.com/news/security/new-linux-cop...

[anotherviewhere]

Why would they attack Ubuntu? I would understand if the attack target would be Anthropic, OpenAI and other US fascists. Why Ubuntu?

[RattlesnakeJake]

My first thought is that it's a default base image for a lot of containers, which also include an `apt update` in the Dockerfile. If Iran wants to cripple US industry, then taking down the update servers could screw up a lot of deployment processes