diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dab86b1..f436f37 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2267,7 +2267,12 @@
     },
     {
       "value": "Nexus Zeta",
-      "description": "Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP related exploits, CVE-2014–8361 and CVE-2017–17215 in his Satori botnet project. A third SOAP exploit, TR-069 bug has also been observed previously in IoT botnets. This makes EDB 38722 the fourth SOAP related exploit which is discovered in the wild by IoT botnets."
+      "description": "Nexus Zeta is no stranger when it comes to implementing SOAP related exploits. The threat actor has already been observed in implementing two other known SOAP related exploits, CVE-2014–8361 and CVE-2017–17215 in his Satori botnet project. A third SOAP exploit, TR-069 bug has also been observed previously in IoT botnets. This makes EDB 38722 the fourth SOAP related exploit which is discovered in the wild by IoT botnets.",
+      "meta": {
+        "refs": [
+          "https://blog.newskysecurity.com/masuta-satori-creators-second-botnet-weaponizes-a-new-router-exploit-2ddc51cc52a7"
+        ]
+      }
     }
   ],
   "name": "Threat actor",