Both the Bleeping Computer and Tom's Hardware articles don't really seem to understand what over-provisioning is, one calling it "an area of the SSD" and the other "a partition". It's neither. It's simply unused cells in a NAND module that are remapped once good flash cells are showing signs of going bad (taking over from the bad ones). Since there are no seek times to consider in an SSD, once a cell goes bad, it is simply copied/cloned to a good cell from the over-provisioning stock.
They are neither "an area" nor "a partition". They are spare cells in the NAND flash module, and usually equitatively spread out across the NAND flash modules on the PCB of the SSD (of if there were 4 Flash modules on the PCB, the over-provisioning would come equally from all 4).
Also, not all companies over-provision their SSDs. If you see a 500GB implementation of an SSD, it actually contains 500GB of partitionable Flash memory, plus 12GB set aside for over-provisioning. Cheaper brands tend to not over-provision their drives at all.
Typically you'll have:
|Announced capacity||Over-provisioning||Total capacity|
|240 GB||16 GB||256 GB|
|250 GB||6 GB||256 GB|
|256 GB||0 GB||256 GB|
|480 GB||32 GB||512 GB|
|500 GB||12 GB||512 GB|
|512 GB||0 GB||512 GB|
|960 GB||64 GB||1024 GB|
|1000 GB||24 GB||1024 GB|
|1024 GB||0 GB||1024 GB|
So, SSDs that typically display a lower storage capacity in their "band" (i.e. 256, 512, 1024), will be more reliable as they can re-allocate more data from dying NAND cells to fresh NAND cells. No over-provisioning means you might find yourself in trouble faster than you'd hope for.
Coming back to the article: it seems the malware attack targets a tiny section of the over-provisioning cells on an SSD to hide its presence, as these aren't visible to the OS.