This was my exact question as well, and I wish the article did a better job answering it. There was a linked article that explained how it worked with physical access, i.e. popping the top of the ATM panel (it said the physical lock that keeps this down is like a "bathroom lock" and easily picked), and then there are USB or SIM card ports you can interface with.
For the remote attacks, though, like the one where it said could result in many ATMs at the same time being hacked, I don't begin to understand where the attack vector starts.
ATMs generally connect to a management system to retrieve configuration and report status. Like many back-end systems, these are often poorly designed and don't receive extensive security review. So if you can compromise one, there's an opportunity to potentially deliver a malicious configuration to a large number of machines at once.
Similarly, there are several ways that attackers can find ATMs on the internet or telephone system in bulk. Although the situation has improved, ATMs historically had very poor authentication for remote management (some likely still do) which made them vulnerable to malicious reconfiguration over the internet or telephone modem.
For the remote attacks, though, like the one where it said could result in many ATMs at the same time being hacked, I don't begin to understand where the attack vector starts.