As I understand it, segwit transactions were designed to be backwards compatible. If I understand correctly, they did this by designating the transactions as "anyone can claim", which meant that non-segwit clients would still accept the transactions. It kept from breaking consensus on the whole network. Extra rules were added which are ignored by non-segwit clients, but processed by segwit clients, which on the BTC chain basically prevents that happening.

Because bitcoin cash doesn't validate these rules, I think what ends up happening is that the attacker is taking transactions from the BTC blockchain (as they were validly signed) that send money to segwit addresses, which anyone can spend.

Now, it's entirely possible I'm completely wrong, so take this with multiple grains of salt.