The Arch Linux Project has been subjected to a sustained DDoS (Distributed Denial of Service) attack over the past two weeks, severely disrupting its core services. The attack primarily targeted the main webpage, Arch User Repository (AUR), and forums, leading to partial and intermittent outages. The AUR, a critical repository for user-submitted package descriptions that complement the official software distribution, has been heavily impacted, hindering users from installing software, updating systems, or downloading installation ISOs. While the Arch Linux team is collaborating with its hosting provider to mitigate the attack and implement DDoS protection, the service disruptions persist, forcing users to rely on workarounds documented on a dedicated outage page.The incident has not only degraded user experience for Arch Linux’s global community including advanced users and derivatives like SteamOS (Valve’s Steam Deck), EndeavourOS, and Manjaro Linux but also strained the volunteer-driven DevOps team, who are working under pressure to restore stability. The attack’s origin and motives remain undisclosed during the ongoing investigation, but the prolonged downtime risks eroding trust in the distribution’s reliability, particularly among intermediate and advanced Linux users who depend on Arch for its minimalist, customizable approach. The financial and reputational costs, while not explicitly quantified, are compounded by the loss of accessibility to critical development and user resources, potentially discouraging contributions to the open-source project.
TPRM report: https://www.rankiteo.com/company/archlinux
"id": "arc522082425",
"linkid": "archlinux",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Users of Arch Linux, AUR, and '
'Forums (including '
'intermediate/advanced Linux '
'users, SteamOS/Steam Deck '
'users, and derivatives like '
'EndeavourOS/Manjaro Linux)',
'industry': 'Technology (Operating Systems)',
'location': 'Global (community-driven, no centralized '
'HQ)',
'name': 'Arch Linux Project',
'type': 'Open-source Linux distribution'}],
'attack_vector': 'DDoS (likely volumetric or protocol-based, targeting web '
'services)',
'customer_advisories': 'Workarounds provided for installing software, '
'updating systems, and downloading ISOs; community '
'asked to bear with the team during resolution',
'date_publicly_disclosed': '2025-08-22',
'description': 'The Arch Linux Project has been experiencing an ongoing DDoS '
'(Distributed Denial of Service) attack over the last two '
'weeks, primarily impacting the main webpage, the Arch User '
'Repository (AUR), and the Forums. The attack has caused '
'service outages, disrupting access to software packages, '
'system updates, and install ISOs. The Arch Linux team is '
'collaborating with their hosting provider to mitigate the '
'attack and implement DDoS protection measures. Workarounds '
'for users are provided on the service outage page, while '
'investigation details (including origin, motives, and '
'mitigation tactics) remain undisclosed. Regular updates are '
'being shared via a service status page.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'service unavailability, though '
'community support remains strong '
'(volunteer-driven project with '
'expressed gratitude for patience)',
'downtime': 'Partial outages (ongoing as of 2025-08-22)',
'operational_impact': 'Disrupted access to software packages, '
'system updates, and install ISOs; reliance '
'on workarounds for users',
'systems_affected': ['Main webpage (archlinux.org)',
'Arch User Repository (AUR)',
'Forums']},
'initial_access_broker': {'high_value_targets': ['Main webpage',
'Arch User Repository (AUR)',
'Forums']},
'investigation_status': 'Ongoing (details withheld, including origin, '
'motives, and specific mitigation tactics)',
'references': [{'source': "Tom's Hardware"},
{'date_accessed': '2025-08-22',
'source': 'Arch Linux Service Status Page (update by Cristian '
'Heusel)'}],
'response': {'communication_strategy': ['Public updates via service status '
'page (e.g., 2025-08-22 post by '
'Cristian Heusel)',
'Community engagement (thanking users '
'for patience and support)'],
'containment_measures': ['Collaboration with hosting provider '
'for DDoS mitigation',
'Investigation into DDoS protection '
'solutions'],
'incident_response_plan_activated': True,
'recovery_measures': ['Providing workarounds for users (software '
'installation, system updates, ISO '
'downloads)',
'Regular updates via service status page'],
'third_party_assistance': ['Hosting provider (unnamed)']},
'stakeholder_advisories': 'Regular updates via service status page; community '
'advised to use provided workarounds',
'title': 'DDoS Attack on Arch Linux Project',
'type': 'DDoS (Distributed Denial of Service) Attack'}