Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent:
Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can execute your desired attack usually