Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent:
Compromise an endpoint via software exploit, or social engineering a user to run malware on their device;
Find ways to move laterally inside the network and compromise privileged identities;
Repeat as needed until you can execute your desired attack — usually