This would be very hard to protect against; if the attacker controls Linode and Hetzner, it is likely they also have access to the disks and memory for the virtual services, and not just the network. So extracting the private key for the real certificate is probably also on the table as an option for the attacker, and would be much harder to detect.

As they say in the article, end-to-end encryption such as OTR is probably important to avoid getting caught in dragnets like this.

fun fact - lately russian govt started testing out protocol blocking (through dpi), several days ago there were reports of xmpp blocked for everything but jabber.ru.

warrant was likely received to bust some cybercrime org, jabber is pretty popular in ex-ussr in these circles, the usual question is what happened with this mitm channel after.