Scanning for IP addresses of targets

I’m new to hacking and I keep hearing about how white hat hackers and black hat hackers are able to penetrate company and government networks. The part of this process I don’t really know is how black hat hackers and white hat hackers are able to find the IP addresses of the machines in these networks on the internet when they are first attempting to penetrate these networks without the use of social engineering. It would be really helpful if I could have any information on the techniques used to identify the IP addresses hackers want to target on the internet.