An attacker is not required to have 51% in order to force a reorg, but the probability of success drops very quickly with lower hash rate and more blocks. This is why it is recommended to wait for additional confirmations if there is a risk due to a reorg.
They could force a reorg if they own most of the networking infrastructure, since Bitcoin Core packets are unencrypted (unless you use Tor to connect to it), they will be able to read any packet they want and drop some of them, preventing the relaying to a large portion of nodes of mined blocks that the operator don't like until other blocks are mined.
Jam enough blocks, and you can cause a mempool congestion, possibly even dropping transactions if the total size is over 300MB.
Even Hetzner could (theoretically) do this as they own a large percentage of nodes. If it fails, it would cause a chain split and would be even more destructive than a few reorged blocks (as transactions inside would go back into the mempool).