It redirects to a site with a valid certificate belonging to "The Linux Foundation." To a domain with a whois record belonging to The Linux Foundation. With DNS servers belonging to the Linux Foundation.
The first part isn't super reliable. Historically, CAs have just let you put whatever you want there and only enforced the common name. They're supposed to be cleaning up their act (at least for recently-issued certs), but I'd still only trust it for EV certs.
The rest is all valid. (Unless you assume that the hack also hacked DNS, which is plausible but unlikely.)
Do you have any links regarding that? Regardless, some/most trusted CAs include the OID 2.23.140.1.2.2 when a certificate is OV validated per CA/B guidelines, so you could just look for that.
The rest is all valid. (Unless you assume that the hack also hacked DNS, which is plausible but unlikely.)