I had the same impulse (or at least copy.fail inducing many to upgrade at the same time.) However, it might be a "pro-Iran hacktivist group" according to

https://www.theregister.com/2026/05/01/canonical_confirms_ub...

"Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant."

Perhaps more to do with extortion rather than activism. (I have no idea how accurate theregister is on this story.)