In a typical SIM swapping attack, the attacker will contact the Cellular Carrier (either in-person at a retail store, or by phone/online support), impersonating the victim and claim that they've lost their phone (including SIM) and that they need a new SIM for their account.
Carriers should have procedures in place to ensure that the identity of someone who presents themselves with this situation is verified, but it can often be bypassed.
In the case of the article, corrupt employees of the carrier are being bribed to bypass the ID and security checks that should take place in the above situation.
In other attacks, there are social engineering ways of bypassing the ID checks - such as claiming to be the victim of a robbery where both the phone and wallet were taken - so they don't have any ID, credit cards, or phone to prove who they are and that getting a new SIM would really help them out.
Carriers should have procedures in place to ensure that the identity of someone who presents themselves with this situation is verified, but it can often be bypassed.
In the case of the article, corrupt employees of the carrier are being bribed to bypass the ID and security checks that should take place in the above situation.
In other attacks, there are social engineering ways of bypassing the ID checks - such as claiming to be the victim of a robbery where both the phone and wallet were taken - so they don't have any ID, credit cards, or phone to prove who they are and that getting a new SIM would really help them out.