ALUMINUM SARATOGA

ALUMINUM SARATOGA, self-styled as the Gaza Hackers Team, is a threat group that CTU researchers assess with moderate confidence to be of Palestinian origin. The group operates against Middle Eastern and Northern African targets and is known as Dusty Sky and Molerats in public reporting. Technical evidence indicates that it has been active since at least 2011. The group’s activities include targeted spearphishing, distributed denial of service attacks and website defacements. ALUMINUM SARATOGA uses many openly available tools for its operations, including XtremeRAT, QuasarRat, DarkComet, Blackshades and PoisonIvy. A campaign from late 2021 and early 2022 featured phishing lures using both threat-actor controlled infrastructure and Dropbox links and the NimbleMamba and BrittleBush malware.