Fox-IT blog - 14 Dec 2017 https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/ Read more there.
The fact that this happened to a security company (that is involved in protecting Dutch "state secrets") has raised some attention, at least in The Netherlands. Here is a Dutch article by newspaper "de Volkskrant": https://www.volkskrant.nl/tech/kort...ertrouwelijke-bestanden-onderschept~a4545445/
Graham Cluley blog: "Fox-IT reveals hackers hijacked its DNS records, spied on clients' files. Dutch security firm was not protecting its DNS entries with two-factor authentication." https://www.grahamcluley.com/fox-it-dns-hack/
I'm sorry, but this is a bit embarrassing, you would think that such a company would have covered this stuff. I felt the same when I read about Kaspersky being hacked. But cool that both companies decided to be open about it, so we can all learn from it.