I work as a penetration and red teamer for a few years now and I have been wondering: How do operators which target organizations in foreign languages deal with the language barrier?
From my team's and my own experience I know that being proficient in or at least understanding the target language is extremely important: You can't do proper spear phishing or impersonation without good command of a language. More importantly though, in the post-exploitation phase, natural language plays an increasingly bigger role: As target's ramp up their technical security (patch levels and configs) it is more and more important to understand information in the target's language. You cannot navigate file systems without knowledge of your target's language properly. You can't identify juicy files or interesting folders if you can't understand their names. You cannot perform full-text searches. You cannot read internal documentation in wikis or Office documents. You cannot read e-mails of compromised users. And so on, and so forth. Being able to at least read and understand your target's language is pretty important nowadays.
How do state actors, professional groups and APTs deal with this? I guess it is not so uncommon for Chinese or Russian operators to understand English, but the other way around is more unlikely.
Do Western operators always have a translator sitting next to them? Do they use translation tools within their tooling? Do most operators deployed against a Russian target also speak sufficient Russian?
Does anybody have an idea how professional cyber operations overcome the language barrier?