I wish they’d been more specific in the general description; this is a local routing attack that can be applied against clients of public VPN services.
For a moment I was worried about my personal VPN, which is not configured in a way that this abuse could happen.