An unauthorized connection occurred Friday July 7 at 11:00 UTC (4:00 AM PDT) at one of the technical providers we use to manage a number of geographic TLDs. In all, 751 domains were affected by this incident, which involved an unauthorized modification of the name servers [NS] assigned to the affected domains. This then forwarded traffic to a malicious site exploiting security flaws in several browsers. As of 18:02 UTC (11:02 AM PDT), all operations had been fully completed by the various registries involved.”]
Source: https://news.gandi.net/en/2017/07/report-on-july-7-2017-incident/