Purely technical
The attacker count on weaknesses in protocol implementation, application, OS, firmware etc..
Those attacks can be easily automated and if the vulnerability is well known pretty easy to defend of.
On the other hand the attack can come basically from any part of the world and is very hard to trace, because it passes occasionally through multiple systems covering the originating point

Physical attacks
The attacker aims to gain physical access to the targeted facility using weaknesses in one or more physical security controls. Of course those attacks are physically limited to the areas of the target premises etc. the attacker should be physically there.

Social engineering
The attacker rely on a major weakness in the meatware called trust. Those kind of attacks aim to fool someone from inside the organisation to trust external entity. The techniques employed most often include phone calls & e-mails.
Again since e-mails can be send basically from anywhere in the world and since phone calls can be chained easily and come from everywhere there is no geographical limitations for the attacker.

Those three basic types of attacks could be combined in order to achieve the ultimate goal – access to the targeted resources.