DHS: Multiple US gov domains hit in serious DNS hijacking wave

Was the gist of this the lack of MFA/2FA on DNS admin authentication and their admin accounts getting popped through brute force or phishing? The articles I have read seem to hype this up as a sophisticated attack. From what I can see, it was a targeted account take-over.

Good thing we've been taking it easy on cyber-defense.