diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d3bb454..acf1649 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8501,6 +8501,17 @@
       },
       "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
       "value": "HAFNIUM"
+    },
+    {
+      "description": "RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups",
+      "meta": {
+        "refs": [
+          "https://www.recordedfuture.com/redecho-targeting-indian-power-sector/",
+          "https://therecord.media/redecho-group-parks-domains-after-public-exposure/"
+        ]
+      },
+      "uuid": "986fcc3f-5f36-4975-bf5f-c42524466bbd",
+      "value": "RedEcho"
     }
   ],
   "version": 199