Attack groups classified as MEDIUM contain attack objects matching exploits that detect reconnaissance efforts attempting to access vital information through directory traversal or information leaks.